d305da0f4ca8d0675218747ec7f6dd2357b4a4187627f40fdafca23d90e5d232 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

d305da0f4c...32.dll

windows7-x64

d305da0f4c...32.dll

windows10-2004-x64

Sharing

General

Target

d305da0f4ca8d0675218747ec7f6dd2357b4a4187627f40fdafca23d90e5d232
Size

26KB
Sample

221205-v6q8wsba89
MD5

926ecb7f90014b663b7cff31b689517d
SHA1

943262a40dea888a3e635dad1a0977782578be46
SHA256

d305da0f4ca8d0675218747ec7f6dd2357b4a4187627f40fdafca23d90e5d232
SHA512

1d33e2c0119ebeb8a737c2ca86b209ed85b333b76d125e03b461c7f85d48fa459f193ffbb944b0b20961a33d1270a22a533e0ec3343e24a9ff4c3a0c6a2fed9f
SSDEEP

384:GhDR3tFHvfJIVNkVgJ6xzB6vh1vq2TxD99eYXzLFx+WHWyW4BbffTkGsVD35kVDp:GhJtf3S6xzqhlq2n97toBQpIS

Score

10^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

d305da0f4ca8d0675218747ec7f6dd2357b4a4187627f40fdafca23d90e5d232.dll

Resource

win7-20220812-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d305da0f4ca8d0675218747ec7f6dd2357b4a4187627f40fdafca23d90e5d232.dll

Resource

win10v2004-20220901-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d305da0f4ca8d0675218747ec7f6dd2357b4a4187627f40fdafca23d90e5d232
- Size
  
  26KB
- MD5
  
  926ecb7f90014b663b7cff31b689517d
- SHA1
  
  943262a40dea888a3e635dad1a0977782578be46
- SHA256
  
  d305da0f4ca8d0675218747ec7f6dd2357b4a4187627f40fdafca23d90e5d232
- SHA512
  
  1d33e2c0119ebeb8a737c2ca86b209ed85b333b76d125e03b461c7f85d48fa459f193ffbb944b0b20961a33d1270a22a533e0ec3343e24a9ff4c3a0c6a2fed9f
- SSDEEP
  
  384:GhDR3tFHvfJIVNkVgJ6xzB6vh1vq2TxD99eYXzLFx+WHWyW4BbffTkGsVD35kVDp:GhJtf3S6xzqhlq2n97toBQpIS
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.