2767cfb1873c6b6585458babb7ad884b62a5326d441bfd83c3db8e91d2b20fd5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

v4cracked.zip

windows10-1703-x64

v4cracked.zip

windows10-2004-x64

1

Resubmissions

22/08/2023, 02:18

230822-crmytabb7y 8

22/08/2023, 02:17

230822-cqynxshe49 10

22/08/2023, 02:12

230822-cm1n4sbb5t 8

Sharing

General

Target

v4cracked.zip
Size

13.9MB
Sample

230822-cqynxshe49
MD5

2eb8a7f42774bc68fee1ed90458ff406
SHA1

830c182da95794972bb4306e884eb799babaa99b
SHA256

2767cfb1873c6b6585458babb7ad884b62a5326d441bfd83c3db8e91d2b20fd5
SHA512

9b9a23386a17b97bbfbb6be6b6e74aef89c81ce6a5408fe20dad506cde6fafbe17f72ad36f5dedc4a990b0e3b0379d9d426a3915c691ced1f0172b6369a84126
SSDEEP

196608:eCQsGbT/9bvLz3S1bA329Oq5UWrlwsGUZ:/GbTlj3S1bO29Oq5UWpwsGUZ

Score

10^/10

evasion spyware upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

v4cracked.zip

Resource

win10-20230703-en

evasion spyware upx

windows10-1703-x64

17 signatures

300 seconds

Behavioral task

behavioral2

Sample

v4cracked.zip

Resource

win10v2004-20230703-en

windows10-2004-x64

0 signatures

300 seconds

Malware Config

Targets

- Target
  
  v4cracked.zip
- Size
  
  13.9MB
- MD5
  
  2eb8a7f42774bc68fee1ed90458ff406
- SHA1
  
  830c182da95794972bb4306e884eb799babaa99b
- SHA256
  
  2767cfb1873c6b6585458babb7ad884b62a5326d441bfd83c3db8e91d2b20fd5
- SHA512
  
  9b9a23386a17b97bbfbb6be6b6e74aef89c81ce6a5408fe20dad506cde6fafbe17f72ad36f5dedc4a990b0e3b0379d9d426a3915c691ced1f0172b6369a84126
- SSDEEP
  
  196608:eCQsGbT/9bvLz3S1bA329Oq5UWrlwsGUZ:/GbTlj3S1bO29Oq5UWpwsGUZ
Score

10^/10

evasion spyware upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywareupx

behavioral2

© 2018-2025

Terms | Privacy