65b48b38d1f25a5aa5061bd7415eca794ca63ffe09bd48cd4126884d999157b4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

65b48b38d1...b4.exe

windows7-x64

8

65b48b38d1...b4.exe

windows10-2004-x64

3

Sharing

General

Target

65b48b38d1f25a5aa5061bd7415eca794ca63ffe09bd48cd4126884d999157b4
Size

815KB
Sample

221205-rb2jlafe62
MD5

07fffda4ad82aa2b7ca3438a65139380
SHA1

4a6c3573d599aed6f730e52c68d2e87d77743290
SHA256

65b48b38d1f25a5aa5061bd7415eca794ca63ffe09bd48cd4126884d999157b4
SHA512

9dafe2d2255aee7e00805cc438c77a02e4e5c72037f2b3a076f5670e7f6542062936566ecd9e20afbee780ecaa6ec839ab9050a21900b14109a629cc5febb437
SSDEEP

12288:WGkn72SZWFNcJ7z1dR1e+K8W+jkBhEWW299paX4V/ZCm04VY1ynglaQTsB+G1fcB:W/72SZWktjXHkbWG2Gh57Y1qgMB+IEnB

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

65b48b38d1f25a5aa5061bd7415eca794ca63ffe09bd48cd4126884d999157b4.exe

Resource

win7-20221111-en

discovery persistence spyware stealer upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

65b48b38d1f25a5aa5061bd7415eca794ca63ffe09bd48cd4126884d999157b4.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  65b48b38d1f25a5aa5061bd7415eca794ca63ffe09bd48cd4126884d999157b4
- Size
  
  815KB
- MD5
  
  07fffda4ad82aa2b7ca3438a65139380
- SHA1
  
  4a6c3573d599aed6f730e52c68d2e87d77743290
- SHA256
  
  65b48b38d1f25a5aa5061bd7415eca794ca63ffe09bd48cd4126884d999157b4
- SHA512
  
  9dafe2d2255aee7e00805cc438c77a02e4e5c72037f2b3a076f5670e7f6542062936566ecd9e20afbee780ecaa6ec839ab9050a21900b14109a629cc5febb437
- SSDEEP
  
  12288:WGkn72SZWFNcJ7z1dR1e+K8W+jkBhEWW299paX4V/ZCm04VY1ynglaQTsB+G1fcB:W/72SZWktjXHkbWG2Gh57Y1qgMB+IEnB
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy