a2b464f56255bee1d0b7d1ed5b3f3ed713e45ddfce558172b23da82525da7a04 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

d2783d8eb3...9c.exe

windows7-x64

d2783d8eb3...9c.exe

windows10-2004-x64

Sharing

General

Target

d2783d8eb3a7281096d256f40debe49c
Size

695KB
Sample

240318-d2ntjagb8s
MD5

d2783d8eb3a7281096d256f40debe49c
SHA1

09fc38cb0d02e6468b74fe4b9cd01765d1d89235
SHA256

a2b464f56255bee1d0b7d1ed5b3f3ed713e45ddfce558172b23da82525da7a04
SHA512

5b86df6179d9e37e7733fa1b13771ee11d22c312edb1b9a52544175e469230aaffd333405af7150ed5b6174790a096b8bea492bf96d9fe2b5bf7f77397dd8d16
SSDEEP

12288:xzCXl6eEblXIh6Yo8Gvp9gw5Plsfxin1rliwYZFtpNr6+8Wibs6EmdH/8Z1Z3o4T:o16eEbRIhPC9bux4OdLrBZZXT

Score

10^/10

persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d2783d8eb3a7281096d256f40debe49c.exe

Resource

win7-20240221-en

persistence upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d2783d8eb3a7281096d256f40debe49c.exe

Resource

win10v2004-20240226-en

persistence upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://lastreporteriche.com/inst.php?id=skytraf01

Targets

- Target
  
  d2783d8eb3a7281096d256f40debe49c
- Size
  
  695KB
- MD5
  
  d2783d8eb3a7281096d256f40debe49c
- SHA1
  
  09fc38cb0d02e6468b74fe4b9cd01765d1d89235
- SHA256
  
  a2b464f56255bee1d0b7d1ed5b3f3ed713e45ddfce558172b23da82525da7a04
- SHA512
  
  5b86df6179d9e37e7733fa1b13771ee11d22c312edb1b9a52544175e469230aaffd333405af7150ed5b6174790a096b8bea492bf96d9fe2b5bf7f77397dd8d16
- SSDEEP
  
  12288:xzCXl6eEblXIh6Yo8Gvp9gw5Plsfxin1rliwYZFtpNr6+8Wibs6EmdH/8Z1Z3o4T:o16eEbRIhPC9bux4OdLrBZZXT
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy