0663610695c856638c9832f75ffc61b37a68ffb6c0ee702cc58f3b91fb124c6c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0663610695...6c.exe

windows7-x64

0663610695...6c.exe

windows10-2004-x64

Sharing

General

Target

0663610695c856638c9832f75ffc61b37a68ffb6c0ee702cc58f3b91fb124c6c
Size

89KB
Sample

240530-wzt7msha89
MD5

65191e0dc05876a36f10d70c851e81a4
SHA1

042cbb5b36e36955470b9494a07cc9b816de33bd
SHA256

0663610695c856638c9832f75ffc61b37a68ffb6c0ee702cc58f3b91fb124c6c
SHA512

6ca2205b4281ffd21f49522952fdfffca80c89e7b88cf6f89277c11ab43bbb5133e18722062581e47df4452337496ad534343e79c0e1c799670d4675ec131976
SSDEEP

1536:71sMveb4lR0daHy9v7Zc86y9U4AFRfBWAEn9:BDeb4T0daHy9DZc86yGUtn9

Score

10^/10

evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0663610695c856638c9832f75ffc61b37a68ffb6c0ee702cc58f3b91fb124c6c.exe

Resource

win7-20240220-en

evasion persistence

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

0663610695c856638c9832f75ffc61b37a68ffb6c0ee702cc58f3b91fb124c6c.exe

Resource

win10v2004-20240508-en

evasion persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  0663610695c856638c9832f75ffc61b37a68ffb6c0ee702cc58f3b91fb124c6c
- Size
  
  89KB
- MD5
  
  65191e0dc05876a36f10d70c851e81a4
- SHA1
  
  042cbb5b36e36955470b9494a07cc9b816de33bd
- SHA256
  
  0663610695c856638c9832f75ffc61b37a68ffb6c0ee702cc58f3b91fb124c6c
- SHA512
  
  6ca2205b4281ffd21f49522952fdfffca80c89e7b88cf6f89277c11ab43bbb5133e18722062581e47df4452337496ad534343e79c0e1c799670d4675ec131976
- SSDEEP
  
  1536:71sMveb4lR0daHy9v7Zc86y9U4AFRfBWAEn9:BDeb4T0daHy9DZc86yGUtn9
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Detects executables packed with ASPack
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy