48651a44a3a744fdc099d080dde0f99dbdb8843c09f16bafedcb11e15859ea45 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

050efb70d5...ea.bat

windows7-x64

7

050efb70d5...ea.bat

windows10-2004-x64

Sharing

General

Target

9644bf6130818a23b7820e4441d84d6a.bin
Size

9.6MB
Sample

230923-cvmgfsbg3s
MD5

85a24aeeb31ab9358e0ecbe11c4feab6
SHA1

c77d7a00f6c30d9f1b61284bdbad1d5b07892f79
SHA256

48651a44a3a744fdc099d080dde0f99dbdb8843c09f16bafedcb11e15859ea45
SHA512

297e7f2b74b0398be279d15f215fe13f3f1ed877f439c4e18f4a5f12585a0e63b9a6919b893f0057fe0346fb4ef333815d9ccb7adde7cc4c9a83cc8cb6c17b5b
SSDEEP

196608:+/AYPaHJaFcAXMaBKeeOudsZ3XtS6E56KChTCqT:+oYPaIcAX/TeOudsZ3wcKChTCqT

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

050efb70d521f74a42dcd63c703900433b03cf138fcfa1812705c8cb37deb1ea.bat

Resource

win7-20230831-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

050efb70d521f74a42dcd63c703900433b03cf138fcfa1812705c8cb37deb1ea.bat

Resource

win10v2004-20230915-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  050efb70d521f74a42dcd63c703900433b03cf138fcfa1812705c8cb37deb1ea.bat
- Size
  
  14.6MB
- MD5
  
  9644bf6130818a23b7820e4441d84d6a
- SHA1
  
  654d821a794488acba87a809e8eab889eb9845db
- SHA256
  
  050efb70d521f74a42dcd63c703900433b03cf138fcfa1812705c8cb37deb1ea
- SHA512
  
  db83473f76f680fa8f93da5bfa71d2b396f4cef44d222e75430a09432c68b67e37c92ca56b7f5d54265cbbb44145df00a11ccf89c498a391af609a2976c6beb9
- SSDEEP
  
  49152:VfcOj5SiJ6+FBW/rRNkFa34CG36ICLvbtSAKsASfycGoA+uVteH7ki8KjXtXH8xU:u
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy