3273f8b3b262944cf6f7b5eaf34eebf3a1381fe594b2b33b57eb57b01148cdec | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

level.dat

windows10-1703-x64

8

level.dat_old

windows10-1703-x64

3

Sharing

General

Target

smp.mcworld
Size

1.3MB
Sample

230112-3rpqhsfe2s
MD5

d8ca0e93cb754a585eca7cc931ccfd27
SHA1

3317dd336e14c0e112afd446d9fcb2283a808e00
SHA256

3273f8b3b262944cf6f7b5eaf34eebf3a1381fe594b2b33b57eb57b01148cdec
SHA512

d8489b8fbdf176e2d2f8a7014229a4456b6696053cf0e55cc31825f1533ac75d3672aa65cdce1fad7506c953b022c428b709820c0fc34d09a280d0ac577195d4
SSDEEP

24576:1/n3XEoYHW3AAFUXPQYptF0UWddSy4E6++VJocK48ud7Llsi9eKEpgS:1/nHZYW3AAFY1tF0UkdSyKzmLkWgS

Score

8^/10

discovery pyinstaller

Static task

static1

Behavioral task

behavioral1

Sample

level.dat

Resource

win10-20220812-en

discovery pyinstaller

windows10-1703-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

level.dat_old

Resource

win10-20220901-en

windows10-1703-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  level.dat
- Size
  
  2KB
- MD5
  
  323fd09913379c03f4801bc80daf3aaf
- SHA1
  
  2efa1fab476d0edceaa5536b0085a291c40d04e8
- SHA256
  
  a7bbe1392629bccdfbc456ed1c65b858a4fa428c5b727f5202f6d3381811fea8
- SHA512
  
  c11680a5bd10126fc068374404a381309b5b99e47b3668568897b7a800861cefc261a9ab52edc48b01ff03312aa05f8cc2b9c27635a07dafc3b13009c23df711
Score

8^/10

discovery pyinstaller
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  level.dat_old
- Size
  
  2KB
- MD5
  
  e183dcb4bd6eacebc6cc33369b53ba28
- SHA1
  
  e665541b8674e2572727bd406a431867d4c1b1f4
- SHA256
  
  5b222f93bde3f37c30e47ded515e9335a57887e4b2c47e367c817a90ca0d20cd
- SHA512
  
  22ddf5e30179377644a6a59b57c9d7fbea0713f1518ff42c8c4a0e889493ff73a41693525f695b43efffc93f20a5f668cf704a59aa49e34b63f8f8a016739492
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Network Service Scanning

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypyinstaller

behavioral2

© 2018-2025

Terms | Privacy