a7b38d586619db0335c48667eccb2518493632484c129a4d2d71709a3e2cbb1e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

a7b38d5866...1e.exe

windows7-x64

a7b38d5866...1e.exe

windows10-2004-x64

8

Sharing

General

Target

a7b38d586619db0335c48667eccb2518493632484c129a4d2d71709a3e2cbb1e
Size

1.3MB
Sample

221204-kanssaff2x
MD5

6320e731dade6b75698a406f2eaf1ac0
SHA1

4b54fc9d09b44f1d72aeb1e9be7072a65a62c51f
SHA256

a7b38d586619db0335c48667eccb2518493632484c129a4d2d71709a3e2cbb1e
SHA512

759dbe8ed8abe379e5115c2988fae1b86b8c27753314c6dca82782a97c9bd36714b043ef9ba365b12d11d8f49eab058a0aacfa53ec46a8a6557bcd109d1c71f8
SSDEEP

6144:llt/9LvG6g6vdZwhvvH9cXdq0etw9R5mY0uMZVGmoJFCvngBt43wchCREaFRVser:lL/9LYgPWcX0Nw9uZarnCvnEtShMoSB

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a7b38d586619db0335c48667eccb2518493632484c129a4d2d71709a3e2cbb1e.exe

Resource

win7-20221111-en

evasion persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a7b38d586619db0335c48667eccb2518493632484c129a4d2d71709a3e2cbb1e.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  a7b38d586619db0335c48667eccb2518493632484c129a4d2d71709a3e2cbb1e
- Size
  
  1.3MB
- MD5
  
  6320e731dade6b75698a406f2eaf1ac0
- SHA1
  
  4b54fc9d09b44f1d72aeb1e9be7072a65a62c51f
- SHA256
  
  a7b38d586619db0335c48667eccb2518493632484c129a4d2d71709a3e2cbb1e
- SHA512
  
  759dbe8ed8abe379e5115c2988fae1b86b8c27753314c6dca82782a97c9bd36714b043ef9ba365b12d11d8f49eab058a0aacfa53ec46a8a6557bcd109d1c71f8
- SSDEEP
  
  6144:llt/9LvG6g6vdZwhvvH9cXdq0etw9R5mY0uMZVGmoJFCvngBt43wchCREaFRVser:lL/9LYgPWcX0Nw9uZarnCvnEtShMoSB
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

© 2018-2025

Terms | Privacy