98c830e1f593c1eae961b44822ac2990df90e214aad17cc9c3caf19b09005f7e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

4936106666...6a.exe

windows7-x64

4936106666...6a.exe

windows10-2004-x64

Sharing

General

Target

493610666610bb568fb1fb2a29dfc86a
Size

531KB
Sample

231226-btybwsaghr
MD5

493610666610bb568fb1fb2a29dfc86a
SHA1

96364789f310a0d3747e538d88cf38bd89cd7eba
SHA256

98c830e1f593c1eae961b44822ac2990df90e214aad17cc9c3caf19b09005f7e
SHA512

a5bb73054286b49f208267bcfff8cc0794b2fce111a159229c72e1f7dcb37a91d4d47a92925364b2fa3875e3807cc9424b87c22623a75d19e8d7b2ad866a0167
SSDEEP

12288:2Qv0eBwZPTf7+y1dKluklBIy/8YwA7GH4:H82Wb7+SEP/RJG4

Score

10^/10

persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

493610666610bb568fb1fb2a29dfc86a.exe

Resource

win7-20231129-en

persistence upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

493610666610bb568fb1fb2a29dfc86a.exe

Resource

win10v2004-20231215-en

persistence upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  493610666610bb568fb1fb2a29dfc86a
- Size
  
  531KB
- MD5
  
  493610666610bb568fb1fb2a29dfc86a
- SHA1
  
  96364789f310a0d3747e538d88cf38bd89cd7eba
- SHA256
  
  98c830e1f593c1eae961b44822ac2990df90e214aad17cc9c3caf19b09005f7e
- SHA512
  
  a5bb73054286b49f208267bcfff8cc0794b2fce111a159229c72e1f7dcb37a91d4d47a92925364b2fa3875e3807cc9424b87c22623a75d19e8d7b2ad866a0167
- SSDEEP
  
  12288:2Qv0eBwZPTf7+y1dKluklBIy/8YwA7GH4:H82Wb7+SEP/RJG4
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy