bbb1a707faaf2f9b06ee3da3bdbd511afae912a3bc2d845b49eb7ba4706fd282 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

44c11f2419...6a.exe

windows7-x64

9

44c11f2419...6a.exe

windows10-2004-x64

9

Sharing

General

Target

0692382a5ccf0b0b9406a434352bcd66.bin
Size

2.4MB
Sample

240124-bczhmaeed6
MD5

f898a1d1de3f78b42b5f1ff624833639
SHA1

0361f3033c48b4768f741d1e7547dc90dd642a50
SHA256

bbb1a707faaf2f9b06ee3da3bdbd511afae912a3bc2d845b49eb7ba4706fd282
SHA512

4642259dfb9421ec28902ad12a995de90ad603afb0f09ad424248c5f3302c693c6274a89aedbc3eb7ea04ab591cce85f9a8f799739cd902f3f1c03c7ab742638
SSDEEP

49152:ivwXDLNe+fT3uaKuN1CFirotzXo9fmId4yFw9PXRS/Z4/63:3NeQDua9uId4BXRSu/63

Score

9^/10

discovery evasion upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a.exe

Resource

win7-20231215-en

discovery evasion upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a.exe

Resource

win10v2004-20231215-en

discovery evasion upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a.exe
- Size
  
  2.5MB
- MD5
  
  0692382a5ccf0b0b9406a434352bcd66
- SHA1
  
  d67f6d9f3353d712c13a96b00f87f4c9d511e26d
- SHA256
  
  44c11f2419a7650053168843f0c092a45187920bec71ede3d26473472575ee6a
- SHA512
  
  35d854e0e3cd237bbec6acb3fcbc0692b30333645fff0ed4320853e9c7c1caa6d9d12b0dc6a1c8515126d43695769d334a4a79b4cc1021ca33a7ddaab12805f6
- SSDEEP
  
  49152:5wTtKTyEJdyyUa6PrvMrKQHBhzFrBRucp2uBUYYs2aoywX7AqomhDHsH:5atKOMFkxQHBBZOtuBUg2aKXTJMH
Score

9^/10

discovery evasion upx
- Contacts a large (17966) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in Drivers directory
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

Network Service Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionupx

behavioral2

discoveryevasionupx

© 2018-2025

Terms | Privacy