ee882c7298dfb477789205f2e6be0aca489f9bbc07bbfbb25ff3c897b0b0b9d9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

ee882c7298...d9.exe

windows7-x64

ee882c7298...d9.exe

windows10-2004-x64

Sharing

General

Target

ee882c7298dfb477789205f2e6be0aca489f9bbc07bbfbb25ff3c897b0b0b9d9
Size

2.0MB
Sample

231106-hm57gsbb86
MD5

396936c3276814680b90a5641f158dfa
SHA1

0b88285750160285e27f242ec480a9cf2b40f5b5
SHA256

ee882c7298dfb477789205f2e6be0aca489f9bbc07bbfbb25ff3c897b0b0b9d9
SHA512

4e838dc7771f2836f1caf40a2c05cfc874e0fdf4ed384879ca5719c0149b05b99998a90823de1af0e4a292c99a915fea0709557defa9c30f6d26db2bd73b3e21
SSDEEP

12288:SOuW5o/oStscy+4CWKKCrZTGF/k8uMxtxPvvzz5KnL/JLW8Wdvp/8DeBo1irkoEQ:SjSow18JbKkKF/eMNPjgI1rh

Score

10^/10

upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ee882c7298dfb477789205f2e6be0aca489f9bbc07bbfbb25ff3c897b0b0b9d9.exe

Resource

win7-20231023-en

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee882c7298dfb477789205f2e6be0aca489f9bbc07bbfbb25ff3c897b0b0b9d9.exe

Resource

win10v2004-20231020-en

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  ee882c7298dfb477789205f2e6be0aca489f9bbc07bbfbb25ff3c897b0b0b9d9
- Size
  
  2.0MB
- MD5
  
  396936c3276814680b90a5641f158dfa
- SHA1
  
  0b88285750160285e27f242ec480a9cf2b40f5b5
- SHA256
  
  ee882c7298dfb477789205f2e6be0aca489f9bbc07bbfbb25ff3c897b0b0b9d9
- SHA512
  
  4e838dc7771f2836f1caf40a2c05cfc874e0fdf4ed384879ca5719c0149b05b99998a90823de1af0e4a292c99a915fea0709557defa9c30f6d26db2bd73b3e21
- SSDEEP
  
  12288:SOuW5o/oStscy+4CWKKCrZTGF/k8uMxtxPvvzz5KnL/JLW8Wdvp/8DeBo1irkoEQ:SjSow18JbKkKF/eMNPjgI1rh
Score

10^/10

upx vmprotect
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy