bbf9222688683f6c73451b8ab123ef4425c0235b072f8a15e8e8f4cf45b913cb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

bbf9222688...cb.exe

windows7-x64

8

bbf9222688...cb.exe

windows10-2004-x64

8

Sharing

General

Target

bbf9222688683f6c73451b8ab123ef4425c0235b072f8a15e8e8f4cf45b913cb
Size

356KB
Sample

221202-vzhyyacf2v
MD5

a54cc87295c32b81d5c3ccb7fe4f22ff
SHA1

3792b224bf89d8682a256431fed4b343dd61fe36
SHA256

bbf9222688683f6c73451b8ab123ef4425c0235b072f8a15e8e8f4cf45b913cb
SHA512

cbe47a49544d78f195ff7bb345f006b879eb1de0d803ecb7922193915887bbc8fe89a418f6a092055e5841129cc46faca45c6018f637477df6d0a595b9bfdb5b
SSDEEP

6144:Fu2urzh9xu/XkauF5JgIy2uaufWG7Jb1juH5Ek8rbyytnhPAY2z+VWpRFd9rJiPz:Futrzh9xOXkWPkufWG7GZENfNhDi7rJ6

Score

8^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

bbf9222688683f6c73451b8ab123ef4425c0235b072f8a15e8e8f4cf45b913cb.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbf9222688683f6c73451b8ab123ef4425c0235b072f8a15e8e8f4cf45b913cb.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  bbf9222688683f6c73451b8ab123ef4425c0235b072f8a15e8e8f4cf45b913cb
- Size
  
  356KB
- MD5
  
  a54cc87295c32b81d5c3ccb7fe4f22ff
- SHA1
  
  3792b224bf89d8682a256431fed4b343dd61fe36
- SHA256
  
  bbf9222688683f6c73451b8ab123ef4425c0235b072f8a15e8e8f4cf45b913cb
- SHA512
  
  cbe47a49544d78f195ff7bb345f006b879eb1de0d803ecb7922193915887bbc8fe89a418f6a092055e5841129cc46faca45c6018f637477df6d0a595b9bfdb5b
- SSDEEP
  
  6144:Fu2urzh9xu/XkauF5JgIy2uaufWG7Jb1juH5Ek8rbyytnhPAY2z+VWpRFd9rJiPz:Futrzh9xOXkWPkufWG7GZENfNhDi7rJ6
Score

8^/10

evasion persistence
- Creates new service(s)
  persistence
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

New Service

Privilege Escalation

New Service

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy