56947c93fb17d3339ff2a778556f4a4f95516fb5112db61ae0804ecdcf4d1307 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

autoruni.pee.exe

windows10-1703-x64

8

autoruni.pee.exe

windows7-x64

8

autoruni.pee.exe

windows10-2004-x64

8

Sharing

General

Target

autoruni.pee.exe
Size

100KB
Sample

230702-xzmm8sec5y
MD5

aae219d4e703051d60351f73ca288d1d
SHA1

1b28cbc3d27a92281ebf4754c27b9ac4a3a8c214
SHA256

56947c93fb17d3339ff2a778556f4a4f95516fb5112db61ae0804ecdcf4d1307
SHA512

c506e10cb96346729bbcf7001a2e686c22998c5b62cfff80319a6ab2e50031e96d7731b1cf5128a34d071779360be4ebacb28a2296651c80ba9e12650ef48af5
SSDEEP

3072:J2MWsQvnyo/CtkgEcnz7fsmqLGnQ7eMDLyPexpZ:J2jsgpYtEcnzwlLFeMD2Pex

Score

8^/10

evasion persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

autoruni.pee.exe

Resource

win10-20230621-en

evasion persistence spyware stealer

windows10-1703-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

autoruni.pee.exe

Resource

win7-20230621-en

evasion persistence spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral3

Sample

autoruni.pee.exe

Resource

win10v2004-20230621-en

evasion persistence spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  autoruni.pee.exe
- Size
  
  100KB
- MD5
  
  aae219d4e703051d60351f73ca288d1d
- SHA1
  
  1b28cbc3d27a92281ebf4754c27b9ac4a3a8c214
- SHA256
  
  56947c93fb17d3339ff2a778556f4a4f95516fb5112db61ae0804ecdcf4d1307
- SHA512
  
  c506e10cb96346729bbcf7001a2e686c22998c5b62cfff80319a6ab2e50031e96d7731b1cf5128a34d071779360be4ebacb28a2296651c80ba9e12650ef48af5
- SSDEEP
  
  3072:J2MWsQvnyo/CtkgEcnz7fsmqLGnQ7eMDLyPexpZ:J2jsgpYtEcnzwlLFeMD2Pex
Score

8^/10

evasion persistence spyware stealer
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2

evasionpersistencespywarestealer

behavioral3

evasionpersistencespywarestealer

© 2018-2025

Terms | Privacy