1b58f53b8971e88720984dab60eeb3d7e76c316e9d43ccb4a762faf5a0aa4874 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

d4ea3afb50...ba.exe

windows7-x64

7

d4ea3afb50...ba.exe

windows10-2004-x64

7

Sharing

General

Target

d4ea3afb5081cc97798dae3a9b9b08ba
Size

89KB
Sample

240319-b86ltaea87
MD5

d4ea3afb5081cc97798dae3a9b9b08ba
SHA1

547d3bba0bd585bcfc730b9dcb097ba78bbe945c
SHA256

1b58f53b8971e88720984dab60eeb3d7e76c316e9d43ccb4a762faf5a0aa4874
SHA512

b7460472acdb24fe746889aa0459b7cdbfbf99aef61824bf49877032107712b2926c83353b24d1c6a40340e56bed2444f1fc73b24b13bb09bd1749d79d1daf7f
SSDEEP

1536:SKcR4mjD9r823F/Du7DQTSZf/3Tb9iwOFvrnHNdXAFSiAmQWp3MmYlYpuYFb:SKcWmjRrz3Y7ETSf/3f9iw0jtVASYLMQ

Score

7^/10

persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d4ea3afb5081cc97798dae3a9b9b08ba.exe

Resource

win7-20231129-en

persistence spyware stealer upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d4ea3afb5081cc97798dae3a9b9b08ba.exe

Resource

win10v2004-20240226-en

persistence spyware stealer upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  d4ea3afb5081cc97798dae3a9b9b08ba
- Size
  
  89KB
- MD5
  
  d4ea3afb5081cc97798dae3a9b9b08ba
- SHA1
  
  547d3bba0bd585bcfc730b9dcb097ba78bbe945c
- SHA256
  
  1b58f53b8971e88720984dab60eeb3d7e76c316e9d43ccb4a762faf5a0aa4874
- SHA512
  
  b7460472acdb24fe746889aa0459b7cdbfbf99aef61824bf49877032107712b2926c83353b24d1c6a40340e56bed2444f1fc73b24b13bb09bd1749d79d1daf7f
- SSDEEP
  
  1536:SKcR4mjD9r823F/Du7DQTSZf/3Tb9iwOFvrnHNdXAFSiAmQWp3MmYlYpuYFb:SKcWmjRrz3Y7ETSf/3f9iw0jtVASYLMQ
Score

7^/10

persistence spyware stealer upx
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2

persistencespywarestealerupx

© 2018-2025

Terms | Privacy