2bafd290e0b508efe1cda6683c9f576a755f1b18138dd16a51dd4e0515830c8a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

更多下载.html

windows7-x64

1

更多下载.html

windows10-2004-x64

1

魔豆推�....2.exe

windows7-x64

7

魔豆推�....2.exe

windows10-2004-x64

7

Sharing

General

Target

2bafd290e0b508efe1cda6683c9f576a755f1b18138dd16a51dd4e0515830c8a
Size

13.2MB
Sample

240517-ngjzysff69
MD5

e6e35dc3cfd1394d28df05f062067d6e
SHA1

593fadcdcc169a82e1ad5401206964d93b9868c0
SHA256

2bafd290e0b508efe1cda6683c9f576a755f1b18138dd16a51dd4e0515830c8a
SHA512

10cd1e33c7b35f8094e4ba8780438bc93037ca6b648e4d8ec67862fa06ec1f8af51d3b113cd078217b980761a7211c337c3a434a1d2717aede7bffe9192013bf
SSDEEP

393216:MewyGc450Bzt0f2KfC1pILtYqyh6MCliuVCk3Ij:jw9cvRKbaGY16Myj+

Score

7^/10

upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

更多下载.html

Resource

win7-20240221-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

更多下载.html

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

魔豆推流助手3.2.exe

Resource

win7-20240508-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

魔豆推流助手3.2.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  更多下载.html
- Size
  
  410B
- MD5
  
  7bb7ae902ffeb8c37fe00b88fe68c1e7
- SHA1
  
  c839f12d71b57aafbdbd7bca481e9438e8801579
- SHA256
  
  8d518dfe520c4464fe9fd28724ae8d9700ab0a6e5a648f9be8a85a526b095c87
- SHA512
  
  46ccd91f2d826b19b272c1440b5f8ef7c96261e0ed8cc40d064a0ddc547400e8c35831280999ab37fb7df2a525c8c88d1d5f3e36161b0b633249c7f226b66803
Score

1^/10
behavioral1 behavioral2
- Target
  
  魔豆推流助手3.2.exe
- Size
  
  19.1MB
- MD5
  
  40cde9bee37d8d2e5a3e3b18a38a4f98
- SHA1
  
  f52488d0c672a4f1960dd9ea340d0eb0608cc78b
- SHA256
  
  1d6ebc63d95d504a6b7370e7e207a750f0a3b0485bcde45c4af3953790ff318e
- SHA512
  
  096258884e8c9cdb56654657a28e450f40bf1f5d911e46083b5992774b72fa34759be556e67bc3dff6e0447bad927dd0f07c8ec57655651b0509b8f8f1b43853
- SSDEEP
  
  393216:9S+dweg9D6kOH2Ii888ePH1xNhDVTPac9sb:9Zdwjow1v7m
Score

7^/10

upx vmprotect
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2025

Terms | Privacy