8a77d5183257efe270e01da6034970f0761525676af87ea55bbf59355a4fce50 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

8a77d51832...50.exe

windows7-x64

7

8a77d51832...50.exe

windows10-2004-x64

7

Sharing

General

Target

8a77d5183257efe270e01da6034970f0761525676af87ea55bbf59355a4fce50.exe
Size

769KB
Sample

230322-x6al9ach2t
MD5

6ae9aa383b94ddcbb3d72f224e7916b0
SHA1

b0e1d688491401fbad958d0a300ef0d7cd828840
SHA256

8a77d5183257efe270e01da6034970f0761525676af87ea55bbf59355a4fce50
SHA512

e1afa9af9d83e852696d9631beb15816aaef8b650dbaf02844e736b1fe68baadad1877c11590d645e52120067887c6e1351763566bcfd69b4d97f58a152d8159
SSDEEP

24576:aTlAfGAsaExEPVkc5OtG3dbJaetN647jS67U1OM+EOw/j2j1P9X:agNsamElOc3mo68Veod+21PR

Score

7^/10

bootkit discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8a77d5183257efe270e01da6034970f0761525676af87ea55bbf59355a4fce50.exe

Resource

win7-20230220-en

bootkit discovery persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8a77d5183257efe270e01da6034970f0761525676af87ea55bbf59355a4fce50.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  8a77d5183257efe270e01da6034970f0761525676af87ea55bbf59355a4fce50.exe
- Size
  
  769KB
- MD5
  
  6ae9aa383b94ddcbb3d72f224e7916b0
- SHA1
  
  b0e1d688491401fbad958d0a300ef0d7cd828840
- SHA256
  
  8a77d5183257efe270e01da6034970f0761525676af87ea55bbf59355a4fce50
- SHA512
  
  e1afa9af9d83e852696d9631beb15816aaef8b650dbaf02844e736b1fe68baadad1877c11590d645e52120067887c6e1351763566bcfd69b4d97f58a152d8159
- SSDEEP
  
  24576:aTlAfGAsaExEPVkc5OtG3dbJaetN647jS67U1OM+EOw/j2j1P9X:agNsamElOc3mo68Veod+21PR
Score

7^/10

bootkit discovery persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

© 2018-2025

Terms | Privacy