e368c1bc562c0f4769de6f52d934a4bac97ad6d5c6e7d84d6e3d8ddf59b3f3d4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

sample.html

windows10-2004-x64

7

Sharing

General

Target

sample
Size

20KB
Sample

240420-n81f1sgd29
MD5

8f38eeee5cf9d6712f6eb9e4c43f293d
SHA1

c27a28463b3e804d50ae91cead6a427fbfff7ef2
SHA256

e368c1bc562c0f4769de6f52d934a4bac97ad6d5c6e7d84d6e3d8ddf59b3f3d4
SHA512

b3bded141d5748c1cf08f573d1ac73173e52dd3d236f2b4f5d7bc987c95a55d50c0d4d84b5f34a1131a418d7a9005bcdc39b3f2109ab7347d18316f1cd0df34d
SSDEEP

384:rL0fFJw5xednDpmReVoOs4Ci9ylKeGM0Uukf5HhhbUg0bM7UjS2LjFrSnT+7VJCg:rL0fFJgGnBVoOs4CmyI1MQkf5BhbFpUX

Score

7^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win10v2004-20240412-en

discovery persistence

windows10-2004-x64

20 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  20KB
- MD5
  
  8f38eeee5cf9d6712f6eb9e4c43f293d
- SHA1
  
  c27a28463b3e804d50ae91cead6a427fbfff7ef2
- SHA256
  
  e368c1bc562c0f4769de6f52d934a4bac97ad6d5c6e7d84d6e3d8ddf59b3f3d4
- SHA512
  
  b3bded141d5748c1cf08f573d1ac73173e52dd3d236f2b4f5d7bc987c95a55d50c0d4d84b5f34a1131a418d7a9005bcdc39b3f2109ab7347d18316f1cd0df34d
- SSDEEP
  
  384:rL0fFJw5xednDpmReVoOs4Ci9ylKeGM0Uukf5HhhbUg0bM7UjS2LjFrSnT+7VJCg:rL0fFJgGnBVoOs4CmyI1MQkf5BhbFpUX
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

© 2018-2025

Terms | Privacy