4a6deb36dd1500d2cf1dc7a1a562e665a46018c1386a1e4159a6a688f1a5a590 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

4a6deb36dd...90.exe

windows7-x64

4a6deb36dd...90.exe

windows10-2004-x64

Sharing

General

Target

4a6deb36dd1500d2cf1dc7a1a562e665a46018c1386a1e4159a6a688f1a5a590
Size

77KB
Sample

221204-bsczkaaa2y
MD5

0220615191ea4e9d6f4442b57b7be970
SHA1

0ac943ed69468babfd8fe7ff62534763fe835805
SHA256

4a6deb36dd1500d2cf1dc7a1a562e665a46018c1386a1e4159a6a688f1a5a590
SHA512

af7554c39d80779b28e463d89cc89ca04edd141c6d5062c516548e8d3cf24ffe31e632297e98d59c8f685e9ea6d9eb61d5685c939e619084cb5a8bd0a02b4706
SSDEEP

768:QMXkE7U60L5jTgc/iPQc0Ic+a+GlKyHu0y3u02qU6E4/IJe/nbcuyD7UIu:QMUYU6U5jUdPQc+n35KZg8/nouy8Iu

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

4a6deb36dd1500d2cf1dc7a1a562e665a46018c1386a1e4159a6a688f1a5a590.exe

Resource

win7-20220812-en

evasion persistence trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

4a6deb36dd1500d2cf1dc7a1a562e665a46018c1386a1e4159a6a688f1a5a590.exe

Resource

win10v2004-20220812-en

evasion persistence trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  4a6deb36dd1500d2cf1dc7a1a562e665a46018c1386a1e4159a6a688f1a5a590
- Size
  
  77KB
- MD5
  
  0220615191ea4e9d6f4442b57b7be970
- SHA1
  
  0ac943ed69468babfd8fe7ff62534763fe835805
- SHA256
  
  4a6deb36dd1500d2cf1dc7a1a562e665a46018c1386a1e4159a6a688f1a5a590
- SHA512
  
  af7554c39d80779b28e463d89cc89ca04edd141c6d5062c516548e8d3cf24ffe31e632297e98d59c8f685e9ea6d9eb61d5685c939e619084cb5a8bd0a02b4706
- SSDEEP
  
  768:QMXkE7U60L5jTgc/iPQc0Ic+a+GlKyHu0y3u02qU6E4/IJe/nbcuyD7UIu:QMUYU6U5jUdPQc+n35KZg8/nouy8Iu
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy