d001322a5c9d7ee37f7c9974456a0c6e136148281aa43d2ee307de3f192bb81a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

138273dbe0...c3.exe

windows7-x64

7

138273dbe0...c3.exe

windows10-2004-x64

7

Sharing

General

Target

138273dbe01b82c3e9960839fa89a2c3
Size

666KB
Sample

231230-kgcdbsbchk
MD5

138273dbe01b82c3e9960839fa89a2c3
SHA1

dcb02a0e68666b278faaa3d4bece34cc23396f2b
SHA256

d001322a5c9d7ee37f7c9974456a0c6e136148281aa43d2ee307de3f192bb81a
SHA512

675cab359bd1c75e6d2e076423ddc1d1ce506f383457d560bb1c39059aca772d279d1d801ca16c79bf302ccddd7d2152900cdb4a4adef516bca6cf55ec46cb08
SSDEEP

12288:DbDqEkMs4q48IAeP0PifTEurPbvdqJplapLWTICNIYPKMTWN4t4OAUw91zRwIMfm:DXbs48LeP0P8E6dclWLi26KGOqMwIMu

Score

7^/10

discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

138273dbe01b82c3e9960839fa89a2c3.exe

Resource

win7-20231129-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

138273dbe01b82c3e9960839fa89a2c3.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  138273dbe01b82c3e9960839fa89a2c3
- Size
  
  666KB
- MD5
  
  138273dbe01b82c3e9960839fa89a2c3
- SHA1
  
  dcb02a0e68666b278faaa3d4bece34cc23396f2b
- SHA256
  
  d001322a5c9d7ee37f7c9974456a0c6e136148281aa43d2ee307de3f192bb81a
- SHA512
  
  675cab359bd1c75e6d2e076423ddc1d1ce506f383457d560bb1c39059aca772d279d1d801ca16c79bf302ccddd7d2152900cdb4a4adef516bca6cf55ec46cb08
- SSDEEP
  
  12288:DbDqEkMs4q48IAeP0PifTEurPbvdqJplapLWTICNIYPKMTWN4t4OAUw91zRwIMfm:DXbs48LeP0P8E6dclWLi26KGOqMwIMu
Score

7^/10

discovery upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy