d2d723a89afee709e86eef8a140625b84ca7926c7a49826c75cd4963d821df03 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

d2d723a89a...03.exe

windows7-x64

d2d723a89a...03.exe

windows10-2004-x64

Sharing

General

Target

d2d723a89afee709e86eef8a140625b84ca7926c7a49826c75cd4963d821df03
Size

340KB
Sample

240312-wqs8zsfe9s
MD5

758b274ef374e88dde853065014f595b
SHA1

9ef6a663d02365ce550fb8fce254e0d3d5acb71b
SHA256

d2d723a89afee709e86eef8a140625b84ca7926c7a49826c75cd4963d821df03
SHA512

a9ec5ec1950f380eb4a4240035280d90b76f042836cbcb45c4839b667edb00d7a5daea6f4bcb3321162e66cdf1c87f2d459a7e4acb15fe29e79d29cc8bcb2c6e
SSDEEP

3072:xftffjmNOCSjGoLpWM6VbBVjxyZ2wuhttQyrftffjmNOCSjGoLpWM6VbBVjxyZ2N:5VfjmNAXq1V599VfjmNAXq1V59a0Jal

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d2d723a89afee709e86eef8a140625b84ca7926c7a49826c75cd4963d821df03.exe

Resource

win7-20231129-en

evasion persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

d2d723a89afee709e86eef8a140625b84ca7926c7a49826c75cd4963d821df03.exe

Resource

win10v2004-20240226-en

evasion persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  d2d723a89afee709e86eef8a140625b84ca7926c7a49826c75cd4963d821df03
- Size
  
  340KB
- MD5
  
  758b274ef374e88dde853065014f595b
- SHA1
  
  9ef6a663d02365ce550fb8fce254e0d3d5acb71b
- SHA256
  
  d2d723a89afee709e86eef8a140625b84ca7926c7a49826c75cd4963d821df03
- SHA512
  
  a9ec5ec1950f380eb4a4240035280d90b76f042836cbcb45c4839b667edb00d7a5daea6f4bcb3321162e66cdf1c87f2d459a7e4acb15fe29e79d29cc8bcb2c6e
- SSDEEP
  
  3072:xftffjmNOCSjGoLpWM6VbBVjxyZ2wuhttQyrftffjmNOCSjGoLpWM6VbBVjxyZ2N:5VfjmNAXq1V599VfjmNAXq1V59a0Jal
Score

10^/10

evasion persistence upx
- Modifies visibility of file extensions in Explorer
  evasion
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy