ae1dab47fae0307831ec90b249d26ab4d783fd1fbfebf98a2448d40932885bbd | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

malware200.exe

windows7-x64

malware200.exe

windows10-2004-x64

9

Resubmissions

31/08/2023, 12:31

230831-pp5gasef7w 9

31/08/2023, 12:09

230831-pbznwsfa54 10

Sharing

General

Target

malware200.exe
Size

448KB
Sample

230831-pbznwsfa54
MD5

957302c7e0c9e025397c2e3cfdc0fef3
SHA1

10ac72a20ac5cd28c94199899fe2eae6ed5b3a84
SHA256

ae1dab47fae0307831ec90b249d26ab4d783fd1fbfebf98a2448d40932885bbd
SHA512

e1443c86e1acb84c5ecb80db5ecca931882478bfdc792c99875eef93b028ba169433dfa2fea8c7a6ee78a3792108172fb8d2e41103a76c77f8d67ee967948ebc
SSDEEP

12288:oquErHF6xC9D6DmR1J98w4oknqOOCyQf1vYOUlsxd:prl6kD68JmlotQfhHUl4

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

malware200.exe

Resource

win7-20230712-en

evasion persistence

windows7-x64

19 signatures

1200 seconds

Behavioral task

behavioral2

Sample

malware200.exe

Resource

win10v2004-20230824-en

evasion persistence

windows10-2004-x64

13 signatures

1200 seconds

Malware Config

Targets

- Target
  
  malware200.exe
- Size
  
  448KB
- MD5
  
  957302c7e0c9e025397c2e3cfdc0fef3
- SHA1
  
  10ac72a20ac5cd28c94199899fe2eae6ed5b3a84
- SHA256
  
  ae1dab47fae0307831ec90b249d26ab4d783fd1fbfebf98a2448d40932885bbd
- SHA512
  
  e1443c86e1acb84c5ecb80db5ecca931882478bfdc792c99875eef93b028ba169433dfa2fea8c7a6ee78a3792108172fb8d2e41103a76c77f8d67ee967948ebc
- SSDEEP
  
  12288:oquErHF6xC9D6DmR1J98w4oknqOOCyQf1vYOUlsxd:prl6kD68JmlotQfhHUl4
Score

10^/10

evasion persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Sets file execution options in registry
  persistence
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Account Manipulation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Account Manipulation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy