cc331c94fd9e4584f405bd6b03fb99ecfbb5293017293fc0a37a9b1737d31722 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

KMS_Suite.v9.5.EN.bat

windows7-x64

8

KMS_Suite.v9.5.EN.bat

windows10-2004-x64

8

Sharing

General

Target

KMS_Suite.v9.5.EN.bat
Size

348KB
Sample

240214-vamwlagh23
MD5

af73bf925361348072469cff78890a4b
SHA1

dca20e41242d9398f474babb80c971e5fc27de69
SHA256

cc331c94fd9e4584f405bd6b03fb99ecfbb5293017293fc0a37a9b1737d31722
SHA512

6c7966852db9921338e6770b07190033ac1fb88035024388c8717c4d080e64587baffbbd99b6ac3657beec59d5ec8685acb4349953d92801a65089eb25253032
SSDEEP

6144:zaGyPc7/Tg7jc4zlw6PhVMt1pOb4RKsFx+GXtO9l0X0dgJ/pGntI/:zaXEDTg84z5pVM9O0lgz70kd0pEE

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

KMS_Suite.v9.5.EN.bat

Resource

win7-20231215-en

discovery persistence

windows7-x64

15 signatures

1800 seconds

Behavioral task

behavioral2

Sample

KMS_Suite.v9.5.EN.bat

Resource

win10v2004-20231222-en

discovery persistence

windows10-2004-x64

18 signatures

1800 seconds

Malware Config

Targets

- Target
  
  KMS_Suite.v9.5.EN.bat
- Size
  
  348KB
- MD5
  
  af73bf925361348072469cff78890a4b
- SHA1
  
  dca20e41242d9398f474babb80c971e5fc27de69
- SHA256
  
  cc331c94fd9e4584f405bd6b03fb99ecfbb5293017293fc0a37a9b1737d31722
- SHA512
  
  6c7966852db9921338e6770b07190033ac1fb88035024388c8717c4d080e64587baffbbd99b6ac3657beec59d5ec8685acb4349953d92801a65089eb25253032
- SSDEEP
  
  6144:zaGyPc7/Tg7jc4zlw6PhVMt1pOb4RKsFx+GXtO9l0X0dgJ/pGntI/:zaXEDTg84z5pVM9O0lgz70kd0pEE
Score

8^/10

discovery persistence
- Blocklisted process makes network request
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence

© 2018-2025

Terms | Privacy