d615116b42dd422e6d9577cfbabe1828f1b1f6f619f7a1c40b781f392c46ee34 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

river.exe

windows11-21h2-x64

7

Sharing

General

Target

river.exe
Size

42.4MB
Sample

240225-eh2fysah38
MD5

d456468a29c7f607f856d744a8fa0813
SHA1

a3e17c3cd71b87881aadd7251d9712e43d7b8e9e
SHA256

d615116b42dd422e6d9577cfbabe1828f1b1f6f619f7a1c40b781f392c46ee34
SHA512

c6257e7c5f5398dc1fbcbbd88e52bc76084cd46ccd92873de26eaaefba746c3fc16774a9e1b4a03957cc064a961bbf613eec5751aad7ff7cad067096b543837b
SSDEEP

786432:dSQtsRPJmIKmr2puIvnaJ/12j6+s7LWB75zuk2rPJVEEY5F0wW8p2RPBLd/b:dSQt6PIIfr2pBvnaB12qHWB75ik0PkER

Score

7^/10

pyinstaller

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

river.exe

Resource

win11-20240221-en

windows11-21h2-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  river.exe
- Size
  
  42.4MB
- MD5
  
  d456468a29c7f607f856d744a8fa0813
- SHA1
  
  a3e17c3cd71b87881aadd7251d9712e43d7b8e9e
- SHA256
  
  d615116b42dd422e6d9577cfbabe1828f1b1f6f619f7a1c40b781f392c46ee34
- SHA512
  
  c6257e7c5f5398dc1fbcbbd88e52bc76084cd46ccd92873de26eaaefba746c3fc16774a9e1b4a03957cc064a961bbf613eec5751aad7ff7cad067096b543837b
- SSDEEP
  
  786432:dSQtsRPJmIKmr2puIvnaJ/12j6+s7LWB75zuk2rPJVEEY5F0wW8p2RPBLd/b:dSQt6PIIfr2pBvnaB12qHWB75ik0PkER
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy