c4a82c03574924a566036306258c1e16da7cc53417b86297925aecd115a15485 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

c4a82c0357...85.exe

windows7-x64

8

c4a82c0357...85.exe

windows10-2004-x64

8

Sharing

General

Target

c4a82c03574924a566036306258c1e16da7cc53417b86297925aecd115a15485
Size

68KB
Sample

221203-2tc9tscf64
MD5

f2cf3c7dc180d86be4631f20336c156f
SHA1

41fb4a5b4da1c04a0d3df1aa4fbd58f262e2f6d5
SHA256

c4a82c03574924a566036306258c1e16da7cc53417b86297925aecd115a15485
SHA512

97943c17613191be5e3332b613cb2eda7ccc9f0b9d1bf9b27a6c205bc4b4ac32dd52383a189dc9e367e3a6cc2e335f3fdb2db80053e89b1d4ad7ccbdedb02f00
SSDEEP

1536:p1xXPTuoGIBhnKs8aY6y6iuYQSewnnvxiBoKB62vNTVYfZIe:9+aY4ge2xuqkNpA

Score

8^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

c4a82c03574924a566036306258c1e16da7cc53417b86297925aecd115a15485.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c4a82c03574924a566036306258c1e16da7cc53417b86297925aecd115a15485.exe

Resource

win10v2004-20220812-en

evasion persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  c4a82c03574924a566036306258c1e16da7cc53417b86297925aecd115a15485
- Size
  
  68KB
- MD5
  
  f2cf3c7dc180d86be4631f20336c156f
- SHA1
  
  41fb4a5b4da1c04a0d3df1aa4fbd58f262e2f6d5
- SHA256
  
  c4a82c03574924a566036306258c1e16da7cc53417b86297925aecd115a15485
- SHA512
  
  97943c17613191be5e3332b613cb2eda7ccc9f0b9d1bf9b27a6c205bc4b4ac32dd52383a189dc9e367e3a6cc2e335f3fdb2db80053e89b1d4ad7ccbdedb02f00
- SSDEEP
  
  1536:p1xXPTuoGIBhnKs8aY6y6iuYQSewnnvxiBoKB62vNTVYfZIe:9+aY4ge2xuqkNpA
Score

8^/10

evasion persistence trojan
- Creates new service(s)
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy