12bbd37a1d104d48dab231eb2ba24970ed7e04cb5cf7f8bf8dd86d0ee2fe94ab | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5

12bbd37a1d...ab.exe

windows7-x64

8

12bbd37a1d...ab.exe

windows10-2004-x64

8

Sharing

General

Target

12bbd37a1d104d48dab231eb2ba24970ed7e04cb5cf7f8bf8dd86d0ee2fe94ab
Size

764KB
Sample

221205-n63tcscb5y
MD5

ee387cfe47dae2dce528a50eff0ef099
SHA1

c763c190a8a01966764dbefa859573d4d8387374
SHA256

12bbd37a1d104d48dab231eb2ba24970ed7e04cb5cf7f8bf8dd86d0ee2fe94ab
SHA512

11c8ae1e270f82475d4f4fb4d82071669603c4259ffaf91d0642bfc158c21dc02c5ded66482bda61566ef3af1e2013924a331d92eae467768ea1c5efcb8e276e
SSDEEP

12288:ahkDgouVr2nxKkorvdRgQriDwOIxmxiZnYQE7PJc54arH7RwU2aPqfU:aRRJkcoQricOIQxiZY1barHFwU5PqM

Score

8^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

12bbd37a1d104d48dab231eb2ba24970ed7e04cb5cf7f8bf8dd86d0ee2fe94ab.exe

Resource

win7-20221111-en

evasion persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

12bbd37a1d104d48dab231eb2ba24970ed7e04cb5cf7f8bf8dd86d0ee2fe94ab.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  12bbd37a1d104d48dab231eb2ba24970ed7e04cb5cf7f8bf8dd86d0ee2fe94ab
- Size
  
  764KB
- MD5
  
  ee387cfe47dae2dce528a50eff0ef099
- SHA1
  
  c763c190a8a01966764dbefa859573d4d8387374
- SHA256
  
  12bbd37a1d104d48dab231eb2ba24970ed7e04cb5cf7f8bf8dd86d0ee2fe94ab
- SHA512
  
  11c8ae1e270f82475d4f4fb4d82071669603c4259ffaf91d0642bfc158c21dc02c5ded66482bda61566ef3af1e2013924a331d92eae467768ea1c5efcb8e276e
- SSDEEP
  
  12288:ahkDgouVr2nxKkorvdRgQriDwOIxmxiZnYQE7PJc54arH7RwU2aPqfU:aRRJkcoQricOIQxiZY1barHFwU5PqM
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2025

Terms | Privacy