f1439a6c37bd4b32d86b80966266f07812e6f62a8ae8f96436aadef4b4b03025 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

最新西�...��.url

windows7-x64

1

最新西�...��.url

windows10-2004-x64

1

�...A .exe

windows7-x64

9

�...A .exe

windows10-2004-x64

9

Sharing

General

Target

f1439a6c37bd4b32d86b80966266f07812e6f62a8ae8f96436aadef4b4b03025
Size

1.8MB
Sample

221201-zp1hfsaf67
MD5

06aad1bfeb81d72e5bd28fe3c5d2a544
SHA1

146de18e1f5b5a7aa7d82696fa5db2c9e25df6d9
SHA256

f1439a6c37bd4b32d86b80966266f07812e6f62a8ae8f96436aadef4b4b03025
SHA512

1a4c70debc5bbcc029a2d5a6a660882171e66025d68c51deeada4529973f87b400a147a54ed3a5c8063055d0dbc1e1268dbd501c26b05db49e0915606951580a
SSDEEP

49152:M9/wg31hawmqf4B+gsSvyHSkVnSqz+W+diLysU:wl31h+qf4B+OwSsSM+0G

Score

9^/10

evasion upx

Static task

static1

Behavioral task

behavioral1

Sample

最新西西游戏外挂网.url

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

最新西西游戏外挂网.url

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

ľͷˡ10.5A .exe

Resource

win7-20220812-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral4

Sample

ľͷˡ10.5A .exe

Resource

win10v2004-20221111-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  最新西西游戏外挂网.url
- Size
  
  181B
- MD5
  
  bf12e97a4b4289845887cf9ea2305b15
- SHA1
  
  f6ea0d3a69497c2c13f0064aca97f7910c6721a1
- SHA256
  
  68fc6bcbbe136dcfbaa0d4869700a6fb33f89401278b413b2a753533ffa54ace
- SHA512
  
  bff0f9c5fae5cc4f2bd96698767d04b16758bc322e62d8eac23c584c12e3e23b655749ec3f97b88364f858edcfd4969415a8be13bf4210ae2abc74e38a7b3b8d
Score

1^/10
behavioral1 behavioral2
- Target
  
  ľͷˡ10.5A .exe
- Size
  
  3.1MB
- MD5
  
  6888bf89383dc531b5f48565473ff282
- SHA1
  
  8a5637aaabdf6cf33f01497a8a30f6df1d3c8423
- SHA256
  
  28277d5645f1d59fda3b93f301ccadb051a4de4263ae3e26f7b7347ca4ec0816
- SHA512
  
  44c6744af094eb9aaf0e1778069e8b591880fb57ae3d5140db52273523e43f43c07249afd9b7ab3f64d7d8f2f952b8d7ce5123c9d46ebcec3d1c1bbe64c8be84
- SSDEEP
  
  49152:FZzgXr4iTZaqdwk0c05HGimCJLMBXVr05fc0rw:vcr4iYqdwkLcHHpYnRl
Score

9^/10

evasion upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Drops file in Drivers directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2025

Terms | Privacy