c77b2bad7f4edda9c6e30a7f3c991cce88a807efe2fb1dd9a42042ef543ec642 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

c77b2bad7f...42.exe

windows7-x64

8

c77b2bad7f...42.exe

windows10-2004-x64

8

Sharing

General

Target

c77b2bad7f4edda9c6e30a7f3c991cce88a807efe2fb1dd9a42042ef543ec642
Size

1.4MB
Sample

240429-smy4aaea5t
MD5

665fc2d58568c65bbf1666d7251050b4
SHA1

27864d09343a708bdb44c78e3128931dcab57777
SHA256

c77b2bad7f4edda9c6e30a7f3c991cce88a807efe2fb1dd9a42042ef543ec642
SHA512

58bd29e0ccea43aa65c67ef2a0170eda12a51967900921029ddc08fd374e522007694dc43650bfe575dfc14ae5d46d461c3fd65c1cd213a4b6bb8fdc25957499
SSDEEP

24576:vhzK9hcxXwcUlINc6iZOmmdLBR92w0WqXJJ15XncyTdiG0KtKrEH7K:VKzcxXMiNc7SpFS1Bjios

Score

8^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

c77b2bad7f4edda9c6e30a7f3c991cce88a807efe2fb1dd9a42042ef543ec642.exe

Resource

win7-20231129-en

persistence upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

c77b2bad7f4edda9c6e30a7f3c991cce88a807efe2fb1dd9a42042ef543ec642.exe

Resource

win10v2004-20240419-en

persistence upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  c77b2bad7f4edda9c6e30a7f3c991cce88a807efe2fb1dd9a42042ef543ec642
- Size
  
  1.4MB
- MD5
  
  665fc2d58568c65bbf1666d7251050b4
- SHA1
  
  27864d09343a708bdb44c78e3128931dcab57777
- SHA256
  
  c77b2bad7f4edda9c6e30a7f3c991cce88a807efe2fb1dd9a42042ef543ec642
- SHA512
  
  58bd29e0ccea43aa65c67ef2a0170eda12a51967900921029ddc08fd374e522007694dc43650bfe575dfc14ae5d46d461c3fd65c1cd213a4b6bb8fdc25957499
- SSDEEP
  
  24576:vhzK9hcxXwcUlINc6iZOmmdLBR92w0WqXJJ15XncyTdiG0KtKrEH7K:VKzcxXMiNc7SpFS1Bjios
Score

8^/10

persistence upx
- Modifies AppInit DLL entries
  persistence
- Sets file execution options in registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy