aef7f8d55e7fd11061fad8de61424602930a11cc758e3a0aacf6858aae3394f9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

AMPED/AMPED.txt

windows10-2004-x64

8

Resubmissions

23/12/2023, 07:01

231223-hteccaeeap 8

23/12/2023, 06:57

231223-hq1feaghg6 3

23/12/2023, 06:55

231223-hp2xvaghg4 3

Sharing

General

Target

9lvsf.Stardock.Fences.5.04.x64.Multilingual.rar
Size

13.5MB
Sample

231223-hteccaeeap
MD5

ed1a0d318f78fd7ee33309fb4eb5f7f2
SHA1

61666c6154b8881d5abf4c4c73d2c5478256874c
SHA256

aef7f8d55e7fd11061fad8de61424602930a11cc758e3a0aacf6858aae3394f9
SHA512

d7e0c860630b7910951c367ad7afbf47122f59f669221f37ac8df637065403ed3072520c84084c9221ae74f850901cfda18714a9b60bac0a8c483ecb7c476a9b
SSDEEP

196608:CTWNaqQ8EuKAvWWqq1Q4mpMLjaceFLxbOZ92N6Ms5rE+vQrFvrfXvQdrIP0:OWAPmWWR1apUaceFL9Wm6o+UFvrfYq0

Score

8^/10

discovery persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

AMPED/AMPED.txt

Resource

win10v2004-20231215-en

discovery persistence upx

windows10-2004-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  AMPED/AMPED.txt
- Size
  
  104B
- MD5
  
  4ca637758356b1127e8d265b842b6307
- SHA1
  
  c49ad61dbfd99052060b2e1f16e09f94d09f7141
- SHA256
  
  224a4e40ac827974d15fadefd26769c2b65b85698901615af9af3ea3bba23bcf
- SHA512
  
  a3d9226ac77908a6a3aa834cb1aceeaf74baaf4c2921e63ec669e42d25a6b288b7683a0a92487001cfc6271b29874530e42759f433d9beb07213fbc360d3c7c2
Score

8^/10

discovery persistence upx
- Modifies Shared Task Scheduler registry keys
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

© 2018-2025

Terms | Privacy