9b932af0c798ea2b64c86bb9fbaf4f669658a97a61b45756402dbb03f274402e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

9b932af0c7...2e.exe

windows7-x64

9b932af0c7...2e.exe

windows10-2004-x64

Sharing

General

Target

9b932af0c798ea2b64c86bb9fbaf4f669658a97a61b45756402dbb03f274402e
Size

43KB
Sample

221207-dvvcqsah99
MD5

b8e9ef8d6bf4972d608489b534452cfd
SHA1

8a5f2646ab7d98ed5137c9edc0e748b930fe1c67
SHA256

9b932af0c798ea2b64c86bb9fbaf4f669658a97a61b45756402dbb03f274402e
SHA512

486e8b9956958166dbed170ef7bbe5170c5786588af130c47a9f737151aad7942cceac33dde61e306d295082cc51489261f2c8e58ec4f8379bdd815eb83a174d
SSDEEP

768:dBYFvsPzboLlriC1JWOTFkaP4mrDnnD3gRbcixa4i5YtyI++hf:d6tsPzkpri2acFjwRFxlXtyIZd

Score

10^/10

evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9b932af0c798ea2b64c86bb9fbaf4f669658a97a61b45756402dbb03f274402e.exe

Resource

win7-20220901-en

evasion persistence trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

9b932af0c798ea2b64c86bb9fbaf4f669658a97a61b45756402dbb03f274402e.exe

Resource

win10v2004-20221111-en

evasion persistence trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  9b932af0c798ea2b64c86bb9fbaf4f669658a97a61b45756402dbb03f274402e
- Size
  
  43KB
- MD5
  
  b8e9ef8d6bf4972d608489b534452cfd
- SHA1
  
  8a5f2646ab7d98ed5137c9edc0e748b930fe1c67
- SHA256
  
  9b932af0c798ea2b64c86bb9fbaf4f669658a97a61b45756402dbb03f274402e
- SHA512
  
  486e8b9956958166dbed170ef7bbe5170c5786588af130c47a9f737151aad7942cceac33dde61e306d295082cc51489261f2c8e58ec4f8379bdd815eb83a174d
- SSDEEP
  
  768:dBYFvsPzboLlriC1JWOTFkaP4mrDnnD3gRbcixa4i5YtyI++hf:d6tsPzkpri2acFjwRFxlXtyIZd
Score

10^/10

evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2025

Terms | Privacy