6b8d8f703944a1c92ab0c5f79d024acb9675b78f61206fb3cdc15f3ab1bbf41e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

6b8d8f7039...1e.exe

windows7-x64

6b8d8f7039...1e.exe

windows10-2004-x64

Sharing

General

Target

6b8d8f703944a1c92ab0c5f79d024acb9675b78f61206fb3cdc15f3ab1bbf41e
Size

45KB
Sample

240516-3rva1afa47
MD5

7920967d423517857017c07dc365efdf
SHA1

518cc93020965e2991b59be996d943df34c9a70d
SHA256

6b8d8f703944a1c92ab0c5f79d024acb9675b78f61206fb3cdc15f3ab1bbf41e
SHA512

f8b696f5cb80068c6542452b4cd3958d5ec10ae6c304422c840d36bd7b00b4936a036f6467e0f699b1af1fb693c02b6dcb5aa15d225de7788ba4ad5e5cde85ef
SSDEEP

768:2mFQj8rM9whcqet8WfYUtT92S21XFXRnnePxCXNvF7DFK+5nE9:8AwEmBj3EXHn4x+9a9

Score

10^/10

evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6b8d8f703944a1c92ab0c5f79d024acb9675b78f61206fb3cdc15f3ab1bbf41e.exe

Resource

win7-20240508-en

evasion persistence

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

6b8d8f703944a1c92ab0c5f79d024acb9675b78f61206fb3cdc15f3ab1bbf41e.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  6b8d8f703944a1c92ab0c5f79d024acb9675b78f61206fb3cdc15f3ab1bbf41e
- Size
  
  45KB
- MD5
  
  7920967d423517857017c07dc365efdf
- SHA1
  
  518cc93020965e2991b59be996d943df34c9a70d
- SHA256
  
  6b8d8f703944a1c92ab0c5f79d024acb9675b78f61206fb3cdc15f3ab1bbf41e
- SHA512
  
  f8b696f5cb80068c6542452b4cd3958d5ec10ae6c304422c840d36bd7b00b4936a036f6467e0f699b1af1fb693c02b6dcb5aa15d225de7788ba4ad5e5cde85ef
- SSDEEP
  
  768:2mFQj8rM9whcqet8WfYUtT92S21XFXRnnePxCXNvF7DFK+5nE9:8AwEmBj3EXHn4x+9a9
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Detects executables built or packed with MPress PE compressor
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2025

Terms | Privacy