5618afe14e9cba0b7fb2440af72f7cc906df7644ede42d6dab9696a037a61380 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

3ea30d1662...c6.exe

windows7-x64

3ea30d1662...c6.exe

windows10-2004-x64

7

Sharing

General

Target

3ea30d166213807059e7bec3f8a946c6
Size

672KB
Sample

240102-wkztksdfh9
MD5

3ea30d166213807059e7bec3f8a946c6
SHA1

00c5a7247658a80ebe23594665b5c12633216ea9
SHA256

5618afe14e9cba0b7fb2440af72f7cc906df7644ede42d6dab9696a037a61380
SHA512

bdb8573d9a332ca9667ec7faa50245ff6daf5a7c60e92e5b6b26371217d8041f9eb1b8d5f77aa56d0ea3f20ebde0a3cdd77e69edbeebf322ffef1d9ba36c8cbb
SSDEEP

6144:+uIL4XOrbL8uuOpsPHhhtQDdINgP2iMjz5qBHswNet4KunyRWlpkD5taIA:+7lr07Ys/hhtudFWJIHZNeyKuiW8D

Score

10^/10

persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3ea30d166213807059e7bec3f8a946c6.exe

Resource

win7-20231215-en

persistence upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

3ea30d166213807059e7bec3f8a946c6.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  3ea30d166213807059e7bec3f8a946c6
- Size
  
  672KB
- MD5
  
  3ea30d166213807059e7bec3f8a946c6
- SHA1
  
  00c5a7247658a80ebe23594665b5c12633216ea9
- SHA256
  
  5618afe14e9cba0b7fb2440af72f7cc906df7644ede42d6dab9696a037a61380
- SHA512
  
  bdb8573d9a332ca9667ec7faa50245ff6daf5a7c60e92e5b6b26371217d8041f9eb1b8d5f77aa56d0ea3f20ebde0a3cdd77e69edbeebf322ffef1d9ba36c8cbb
- SSDEEP
  
  6144:+uIL4XOrbL8uuOpsPHhhtQDdINgP2iMjz5qBHswNet4KunyRWlpkD5taIA:+7lr07Ys/hhtudFWJIHZNeyKuiW8D
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy