63f6744d66d7b0c265c49b9c0925c6e8376eee89babb91c04412e348d577a5e0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

63f6744d66...e0.exe

windows7-x64

63f6744d66...e0.exe

windows10-2004-x64

Sharing

General

Target

63f6744d66d7b0c265c49b9c0925c6e8376eee89babb91c04412e348d577a5e0
Size

87KB
Sample

240305-z1mezaad87
MD5

ab639eb2eecd4b4724a4920128ae5c7e
SHA1

fc8a04433be9a046a02e86e1c7d444ff33521836
SHA256

63f6744d66d7b0c265c49b9c0925c6e8376eee89babb91c04412e348d577a5e0
SHA512

5dc4d1329c64c072d206e4d834291fbc54fb68b2924aa99e260e069f7c588d9396dfed291fba80ebd8ff49fa254f1479e6714cbe18973c05ad5066bd95c19cfa
SSDEEP

1536:1a3+ddygX7y9v7Z+NoykJHBOAFRfBjG3ldoIy:08dfX7y9DZ+N7eB+IIy

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

63f6744d66d7b0c265c49b9c0925c6e8376eee89babb91c04412e348d577a5e0.exe

Resource

win7-20240221-en

evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

63f6744d66d7b0c265c49b9c0925c6e8376eee89babb91c04412e348d577a5e0.exe

Resource

win10v2004-20240226-en

evasion persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  63f6744d66d7b0c265c49b9c0925c6e8376eee89babb91c04412e348d577a5e0
- Size
  
  87KB
- MD5
  
  ab639eb2eecd4b4724a4920128ae5c7e
- SHA1
  
  fc8a04433be9a046a02e86e1c7d444ff33521836
- SHA256
  
  63f6744d66d7b0c265c49b9c0925c6e8376eee89babb91c04412e348d577a5e0
- SHA512
  
  5dc4d1329c64c072d206e4d834291fbc54fb68b2924aa99e260e069f7c588d9396dfed291fba80ebd8ff49fa254f1479e6714cbe18973c05ad5066bd95c19cfa
- SSDEEP
  
  1536:1a3+ddygX7y9v7Z+NoykJHBOAFRfBjG3ldoIy:08dfX7y9DZ+N7eB+IIy
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy