9724b04196328c93c6471346298c8c3f7df8a4f7f1dcfcabd8069aa3239aed97 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

9724b04196328c93c6471346298c8c3f7df8a4f7f1dcfcabd8069aa3239aed97
Size

12KB
Sample

240522-xgngtacf99
MD5

ba57d3d2b83ae6eee6b9ae4ac5a096eb
SHA1

caed869a41956f6c0c435c548bfa56e811be27be
SHA256

9724b04196328c93c6471346298c8c3f7df8a4f7f1dcfcabd8069aa3239aed97
SHA512

7f7b4e76091af53c6a69ff1f448adc94391b16dfcbdbe3472f28e3cdea2cbfe480f748b1ea52a91816aed338be2a5c9efaf5af1e5356f929a9c331d37c860aa6
SSDEEP

192:7L29RBzDzeobchBj8JONVONSY74rusVrEPEjr7AhS:n29jnbcvYJOSx7Aucvr7CS

Score

10^/10

execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9724b04196328c93c6471346298c8c3f7df8a4f7f1dcfcabd8069aa3239aed97.xll

Resource

win10v2004-20240226-en

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

9724b04196328c93c6471346298c8c3f7df8a4f7f1dcfcabd8069aa3239aed97.xll

Resource

win11-20240508-en

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Targets

- Target
  
  9724b04196328c93c6471346298c8c3f7df8a4f7f1dcfcabd8069aa3239aed97
- Size
  
  12KB
- MD5
  
  ba57d3d2b83ae6eee6b9ae4ac5a096eb
- SHA1
  
  caed869a41956f6c0c435c548bfa56e811be27be
- SHA256
  
  9724b04196328c93c6471346298c8c3f7df8a4f7f1dcfcabd8069aa3239aed97
- SHA512
  
  7f7b4e76091af53c6a69ff1f448adc94391b16dfcbdbe3472f28e3cdea2cbfe480f748b1ea52a91816aed338be2a5c9efaf5af1e5356f929a9c331d37c860aa6
- SSDEEP
  
  192:7L29RBzDzeobchBj8JONVONSY74rusVrEPEjr7AhS:n29jnbcvYJOSx7Aucvr7CS
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy