ab3aa6f41e5056db625a0bbe3df17cb045e676a40a4cec53847a97ce903c423b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

ab3aa6f41e...3b.exe

windows7-x64

8

ab3aa6f41e...3b.exe

windows10-2004-x64

Sharing

General

Target

ab3aa6f41e5056db625a0bbe3df17cb045e676a40a4cec53847a97ce903c423b
Size

583KB
Sample

221203-s24bjsch63
MD5

7ec9800e97ecb6f8b8590cf7c06da578
SHA1

b5a5fb4aa3588cb4ed3b0be5f9985a3810d32114
SHA256

ab3aa6f41e5056db625a0bbe3df17cb045e676a40a4cec53847a97ce903c423b
SHA512

95ec1c77dbf961ceb8183b0ceeb0be67ef01444f9e525ab26a0f3d8e1623efb195e71e9cd911aca84cf4fa28469a32356a399ba75d75c3268211c955cd9367c1
SSDEEP

12288:x2dcc3zvSUGljdYqvUkKr06SaGLB88B0oOR4xcOx:IN6UivvUkKA6SfLBPB0oOix

Score

8^/10

discovery evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ab3aa6f41e5056db625a0bbe3df17cb045e676a40a4cec53847a97ce903c423b.exe

Resource

win7-20220812-en

discovery evasion persistence trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab3aa6f41e5056db625a0bbe3df17cb045e676a40a4cec53847a97ce903c423b.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  ab3aa6f41e5056db625a0bbe3df17cb045e676a40a4cec53847a97ce903c423b
- Size
  
  583KB
- MD5
  
  7ec9800e97ecb6f8b8590cf7c06da578
- SHA1
  
  b5a5fb4aa3588cb4ed3b0be5f9985a3810d32114
- SHA256
  
  ab3aa6f41e5056db625a0bbe3df17cb045e676a40a4cec53847a97ce903c423b
- SHA512
  
  95ec1c77dbf961ceb8183b0ceeb0be67ef01444f9e525ab26a0f3d8e1623efb195e71e9cd911aca84cf4fa28469a32356a399ba75d75c3268211c955cd9367c1
- SSDEEP
  
  12288:x2dcc3zvSUGljdYqvUkKr06SaGLB88B0oOR4xcOx:IN6UivvUkKA6SfLBPB0oOix
Score

8^/10

discovery evasion persistence trojan upx
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojanupx

behavioral2

© 2018-2025

Terms | Privacy