bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

bc082e85f4...eb.exe

windows7-x64

8

bc082e85f4...eb.exe

windows10-2004-x64

8

Sharing

General

Target

bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb
Size

399KB
Sample

231012-vkyqvach2x
MD5

6b536c7f28c331c46c88e5e1827f83d0
SHA1

c55b37d2fcbe8c5178f065b7fb08395aafd68dc9
SHA256

bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb
SHA512

7e22107cb788c71459510aef25a2123c058855e03c7c4ea6530f457246b7d84aad965b8cce90ed305d94f66ca8e9699d26e80b03572b13e710738dc77112d5e0
SSDEEP

6144:XKiYJL+K7EQ5vrt5AVfL8haEK4sDzLPFZcEOkCybEaQRXr9HNdvOa:LqEU0Vf4ha0sDzDOkx2LIa

Score

8^/10

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe

Resource

win7-20230831-en

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe

Resource

win10v2004-20230915-en

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb
- Size
  
  399KB
- MD5
  
  6b536c7f28c331c46c88e5e1827f83d0
- SHA1
  
  c55b37d2fcbe8c5178f065b7fb08395aafd68dc9
- SHA256
  
  bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb
- SHA512
  
  7e22107cb788c71459510aef25a2123c058855e03c7c4ea6530f457246b7d84aad965b8cce90ed305d94f66ca8e9699d26e80b03572b13e710738dc77112d5e0
- SSDEEP
  
  6144:XKiYJL+K7EQ5vrt5AVfL8haEK4sDzLPFZcEOkCybEaQRXr9HNdvOa:LqEU0Vf4ha0sDzDOkx2LIa
Score

8^/10
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy