140f2e0a4f4163af3dc66274beb504a5ff554a46297c27ec039077b8d211b56f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

recoverit_...74.exe

windows7-x64

8

recoverit_...74.exe

windows10-2004-x64

8

Sharing

General

Target

recoverit_setup_full4174.exe
Size

1.2MB
Sample

230521-mhbvascb4y
MD5

3e01349dab2dbe1158981ed976ca59f9
SHA1

47189c1ec868823309193083a5b6311677893097
SHA256

140f2e0a4f4163af3dc66274beb504a5ff554a46297c27ec039077b8d211b56f
SHA512

96125b025e4117c376f1d4c5e54529fa69f0848049e086c5e264c1f597b46d4e6d8be4bfaea9f618375ee53e88b949e84d9892328b56ade27658f6cfff1a9625
SSDEEP

24576:XOXAaO/6uSLYnFYARGDgrq/fSdYHhC/+EXNP7HkBNqEL7jtf6408:srW6uSLYnPRGDgrq/X0/lON9L7jk4J

Score

8^/10

discovery evasion upx

Static task

static1

Behavioral task

behavioral1

Sample

recoverit_setup_full4174.exe

Resource

win7-20230220-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

recoverit_setup_full4174.exe

Resource

win10v2004-20230220-en

discovery evasion upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  recoverit_setup_full4174.exe
- Size
  
  1.2MB
- MD5
  
  3e01349dab2dbe1158981ed976ca59f9
- SHA1
  
  47189c1ec868823309193083a5b6311677893097
- SHA256
  
  140f2e0a4f4163af3dc66274beb504a5ff554a46297c27ec039077b8d211b56f
- SHA512
  
  96125b025e4117c376f1d4c5e54529fa69f0848049e086c5e264c1f597b46d4e6d8be4bfaea9f618375ee53e88b949e84d9892328b56ade27658f6cfff1a9625
- SSDEEP
  
  24576:XOXAaO/6uSLYnFYARGDgrq/fSdYHhC/+EXNP7HkBNqEL7jtf6408:srW6uSLYnPRGDgrq/X0/lON9L7jk4J
Score

8^/10

discovery evasion upx
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionupx

© 2018-2025

Terms | Privacy