3ab1efbbb6afd2c8a9a182ce719d4198596d2ca24a3aae0c18c21e27cafd3f71 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

44de3cda23...d9.exe

windows7-x64

7

44de3cda23...d9.exe

windows10-2004-x64

7

Sharing

General

Target

e34a10782d9dac4b81cbc788ac151fe3.bin
Size

8.1MB
Sample

230630-cr2f7sgg6w
MD5

e780ac6e0c5a944bd68d59f14ec12d4f
SHA1

66785ef3d6e512e575619193baff3af4423be7dc
SHA256

3ab1efbbb6afd2c8a9a182ce719d4198596d2ca24a3aae0c18c21e27cafd3f71
SHA512

5c8aa595c1e53fd25968e06125491b3b3c86c7022318c8b62c159f5f4037f23c1f4d63480d805d0a5e0dfbe3a8c5eb5bc865438bed5b4961a899a7f22a3cab17
SSDEEP

196608:Acky6Pmrl/YXRszXiaW3GEtZjQjBQw/lQCR+4xjIPE:A5b+B/JTo3GEzQjBB/WCHp

Score

7^/10

persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

44de3cda2390b20b694a4121a3fcf1f940e2c5d50e5bcb8f13ce975c7fc962d9.exe

Resource

win7-20230621-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

44de3cda2390b20b694a4121a3fcf1f940e2c5d50e5bcb8f13ce975c7fc962d9.exe

Resource

win10v2004-20230621-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  44de3cda2390b20b694a4121a3fcf1f940e2c5d50e5bcb8f13ce975c7fc962d9.exe
- Size
  
  8.3MB
- MD5
  
  e34a10782d9dac4b81cbc788ac151fe3
- SHA1
  
  21516e86b86b245fb6520ae16a69814bfbe9c494
- SHA256
  
  44de3cda2390b20b694a4121a3fcf1f940e2c5d50e5bcb8f13ce975c7fc962d9
- SHA512
  
  304a811b7608bd0da73e8f75c2c1b886b0cdc656e54993daf5c00b64622e6482cc8581e80fbdf8a4d8c8dcffe6053bec6a85354ccddbf3cfc5b63570340aac1f
- SSDEEP
  
  196608:whTb9B0BPrDz4pxgZZPy5RmStgxb/z6FDiSJXqeUh4mT7:eTb9epDz4MZZ4RmxYDiScfhH
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy