52d6d769eb474d4138ac31e05634a6ca7a4ebef5920f8356c1cd70d9fa42c2fb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

07443099.exe

windows7-x64

8

07443099.exe

windows10-2004-x64

8

Sharing

General

Target

07443099.exe
Size

247KB
Sample

230610-l6fbysfd4z
MD5

733eb0ab951ae42a8d8cca413201e428
SHA1

640ffb3ee44eb86afaea92e6c5aa158a5d4aafd1
SHA256

52d6d769eb474d4138ac31e05634a6ca7a4ebef5920f8356c1cd70d9fa42c2fb
SHA512

c7cdf77aa881c5dbb2abf17913dbf645fe88e16fa11fa055392d36ccf936fc43050c48feb631e193fe044123a190f123d2d6ff12234c0ff7c8c7c6e290209d8f
SSDEEP

3072:xaWEHnqlm+0FEaJSq6+ouCpk2mpcWJ0r+QNTBfZnazJ9k3kxMC+89+aPyXiwQ9M1:cWCMm8aMldk1cWQRNTBhz3Yz/qc9M1

Score

8^/10

bootkit discovery exploit persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

07443099.exe

Resource

win7-20230220-en

bootkit discovery exploit persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

07443099.exe

Resource

win10v2004-20230220-en

bootkit discovery exploit persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  07443099.exe
- Size
  
  247KB
- MD5
  
  733eb0ab951ae42a8d8cca413201e428
- SHA1
  
  640ffb3ee44eb86afaea92e6c5aa158a5d4aafd1
- SHA256
  
  52d6d769eb474d4138ac31e05634a6ca7a4ebef5920f8356c1cd70d9fa42c2fb
- SHA512
  
  c7cdf77aa881c5dbb2abf17913dbf645fe88e16fa11fa055392d36ccf936fc43050c48feb631e193fe044123a190f123d2d6ff12234c0ff7c8c7c6e290209d8f
- SSDEEP
  
  3072:xaWEHnqlm+0FEaJSq6+ouCpk2mpcWJ0r+QNTBfZnazJ9k3kxMC+89+aPyXiwQ9M1:cWCMm8aMldk1cWQRNTBhz3Yz/qc9M1
Score

8^/10

bootkit discovery exploit persistence
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Modifies boot configuration data using bcdedit
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryexploitpersistence

behavioral2

bootkitdiscoveryexploitpersistence

© 2018-2025

Terms | Privacy