72c50bb47ae31af0b64594a40c195ea174822d84c455da5356726cbf3b031948 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

72c50bb47a...48.exe

windows7-x64

72c50bb47a...48.exe

windows10-2004-x64

Sharing

General

Target

72c50bb47ae31af0b64594a40c195ea174822d84c455da5356726cbf3b031948
Size

304KB
Sample

231114-lqfyjsbc39
MD5

b728c2840a02568443366cf9d31b4e79
SHA1

290262cf698471ac7a25c002cc5e32c45343354a
SHA256

72c50bb47ae31af0b64594a40c195ea174822d84c455da5356726cbf3b031948
SHA512

663f58c57f7fb01fec32c6a7f72742edf45c37f4e12caef7def07e504d1aefcf51d873fc28682161a0affbcf536f40e967049f84a6376f33cb1e1c77f0be9de5
SSDEEP

6144:vIMnCyxDUQyNjIY6UAik3W6EoXJAOueOef5SG4X9Wx+8tCNyY:1C2U3Nj56Jik3n5EeOK8Mx+8kNH

Score

10^/10

evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

72c50bb47ae31af0b64594a40c195ea174822d84c455da5356726cbf3b031948.exe

Resource

win7-20231023-en

evasion trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

72c50bb47ae31af0b64594a40c195ea174822d84c455da5356726cbf3b031948.exe

Resource

win10v2004-20231020-en

evasion trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  72c50bb47ae31af0b64594a40c195ea174822d84c455da5356726cbf3b031948
- Size
  
  304KB
- MD5
  
  b728c2840a02568443366cf9d31b4e79
- SHA1
  
  290262cf698471ac7a25c002cc5e32c45343354a
- SHA256
  
  72c50bb47ae31af0b64594a40c195ea174822d84c455da5356726cbf3b031948
- SHA512
  
  663f58c57f7fb01fec32c6a7f72742edf45c37f4e12caef7def07e504d1aefcf51d873fc28682161a0affbcf536f40e967049f84a6376f33cb1e1c77f0be9de5
- SSDEEP
  
  6144:vIMnCyxDUQyNjIY6UAik3W6EoXJAOueOef5SG4X9Wx+8tCNyY:1C2U3Nj56Jik3n5EeOK8Mx+8kNH
Score

10^/10

evasion trojan upx
- UAC bypass
  evasion trojan
- Downloads MZ/PE file
- Modifies RDP port number used by Windows
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Remote Services

Remote Desktop Protocol

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasiontrojanupx

behavioral2

evasiontrojanupx

© 2018-2025

Terms | Privacy