f009e7eba5af959baabbf97c11363011fb38117ee8523df49dbb2193e6207036 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

f009e7eba5...36.exe

windows7-x64

7

f009e7eba5...36.exe

windows10-2004-x64

7

Sharing

General

Target

f009e7eba5af959baabbf97c11363011fb38117ee8523df49dbb2193e6207036
Size

15.8MB
Sample

231012-q1382scd3z
MD5

59448d93ab31b95a2f37f6fc65bde3e3
SHA1

1dac4b3bcd641f64d35162cedce320a32d983f90
SHA256

f009e7eba5af959baabbf97c11363011fb38117ee8523df49dbb2193e6207036
SHA512

2fde7843f8b9c5ac3c7a8990e5cf1be3ac0a9734c595bb944e2291e7287dcdff38c0c28d95dde7303584718fa7b47c5e7043744e4cb86a18b1265b1bf6ad5664
SSDEEP

393216:ACEpuFoKj/wM4U0CghX6NbdhAQ6ga2jqPHydRRG5es:AFpZE4RCg9gbdvbmPHKRRG5es

Score

7^/10

discovery evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f009e7eba5af959baabbf97c11363011fb38117ee8523df49dbb2193e6207036.exe

Resource

win7-20230831-en

discovery evasion persistence trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

f009e7eba5af959baabbf97c11363011fb38117ee8523df49dbb2193e6207036.exe

Resource

win10v2004-20230915-en

discovery persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  f009e7eba5af959baabbf97c11363011fb38117ee8523df49dbb2193e6207036
- Size
  
  15.8MB
- MD5
  
  59448d93ab31b95a2f37f6fc65bde3e3
- SHA1
  
  1dac4b3bcd641f64d35162cedce320a32d983f90
- SHA256
  
  f009e7eba5af959baabbf97c11363011fb38117ee8523df49dbb2193e6207036
- SHA512
  
  2fde7843f8b9c5ac3c7a8990e5cf1be3ac0a9734c595bb944e2291e7287dcdff38c0c28d95dde7303584718fa7b47c5e7043744e4cb86a18b1265b1bf6ad5664
- SSDEEP
  
  393216:ACEpuFoKj/wM4U0CghX6NbdhAQ6ga2jqPHydRRG5es:AFpZE4RCg9gbdvbmPHKRRG5es
Score

7^/10

discovery evasion persistence trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojan

behavioral2

discoverypersistence

© 2018-2025

Terms | Privacy