2f7c4ee4fde198e54e5f29ef1eafe326bda0f24f21bb4bf36e6416d32e75d246 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

36c4f2289c...67.exe

windows7-x64

36c4f2289c...67.exe

windows10-2004-x64

Sharing

General

Target

36c4f2289cbfeb319219743392141a67
Size

1.0MB
Sample

231231-p3hjpacbfk
MD5

36c4f2289cbfeb319219743392141a67
SHA1

4b2b2f483e3e2663c0be603817bc038cce4941ed
SHA256

2f7c4ee4fde198e54e5f29ef1eafe326bda0f24f21bb4bf36e6416d32e75d246
SHA512

3f3c9472397055e44ecf6a14b34b07a0384e759cc4b618b33e994bd076271fdc2085078396b88ed33b5d4a07d6ddf61a75e90fc02e024d68539449a13ed6f52a
SSDEEP

24576:+JeJfAKijp98zHpneTXdp9aepOBm1oc7KbvyFyK9:0eJfALGperduepOBm+c79

Score

10^/10

evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

36c4f2289cbfeb319219743392141a67.exe

Resource

win7-20231129-en

evasion persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

36c4f2289cbfeb319219743392141a67.exe

Resource

win10v2004-20231215-en

evasion persistence

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  36c4f2289cbfeb319219743392141a67
- Size
  
  1.0MB
- MD5
  
  36c4f2289cbfeb319219743392141a67
- SHA1
  
  4b2b2f483e3e2663c0be603817bc038cce4941ed
- SHA256
  
  2f7c4ee4fde198e54e5f29ef1eafe326bda0f24f21bb4bf36e6416d32e75d246
- SHA512
  
  3f3c9472397055e44ecf6a14b34b07a0384e759cc4b618b33e994bd076271fdc2085078396b88ed33b5d4a07d6ddf61a75e90fc02e024d68539449a13ed6f52a
- SSDEEP
  
  24576:+JeJfAKijp98zHpneTXdp9aepOBm1oc7KbvyFyK9:0eJfALGperduepOBm+c79
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy