8448cb641cecddcebb71006ca0368e94b587261cb314f7498fbc916625954b90 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8448cb641c...90.exe

windows7-x64

8

8448cb641c...90.exe

windows10-2004-x64

1

Sharing

General

Target

8448cb641cecddcebb71006ca0368e94b587261cb314f7498fbc916625954b90
Size

172KB
Sample

221202-2vmvnafe2w
MD5

e192ba029e3e51fbb4968be451dd02c3
SHA1

501dd63e9584629c0fa3fe965ee8006fe4bc12c9
SHA256

8448cb641cecddcebb71006ca0368e94b587261cb314f7498fbc916625954b90
SHA512

e21f5d9ef0e87a9d1269ec833c4e72a0d6f78ea96479eda67532c77e62f5f1cdba1a2bb83ac74576ecb916afb7c7deb57624574dfa77f9051b3a6422df62e2fb
SSDEEP

3072:QH69DiMTdgP6RvRP5VwYznpDB/vWwvbSlJHy/r/zMJmd7DX4Xj:th3CSR1Q6L/vNvySj/zCgDXw

Score

8^/10

persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

8448cb641cecddcebb71006ca0368e94b587261cb314f7498fbc916625954b90.exe

Resource

win7-20221111-en

persistence spyware stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8448cb641cecddcebb71006ca0368e94b587261cb314f7498fbc916625954b90.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  8448cb641cecddcebb71006ca0368e94b587261cb314f7498fbc916625954b90
- Size
  
  172KB
- MD5
  
  e192ba029e3e51fbb4968be451dd02c3
- SHA1
  
  501dd63e9584629c0fa3fe965ee8006fe4bc12c9
- SHA256
  
  8448cb641cecddcebb71006ca0368e94b587261cb314f7498fbc916625954b90
- SHA512
  
  e21f5d9ef0e87a9d1269ec833c4e72a0d6f78ea96479eda67532c77e62f5f1cdba1a2bb83ac74576ecb916afb7c7deb57624574dfa77f9051b3a6422df62e2fb
- SSDEEP
  
  3072:QH69DiMTdgP6RvRP5VwYznpDB/vWwvbSlJHy/r/zMJmd7DX4Xj:th3CSR1Q6L/vNvySj/zCgDXw
Score

8^/10

persistence spyware stealer upx
- Executes dropped EXE
- Modifies AppInit DLL entries
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy