7714d31c57edc5cac50f4a089f4006f39a10ee1eb5cdceb37da21be2d7991102 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7714d31c57...02.exe

windows7-x64

7714d31c57...02.exe

windows10-2004-x64

Sharing

General

Target

7714d31c57edc5cac50f4a089f4006f39a10ee1eb5cdceb37da21be2d7991102
Size

51KB
Sample

240603-23se4sdc38
MD5

a0ab857ead3ceaa24fd8ee6c9d06eca2
SHA1

9555c6cdbd2de7f6cc8d91dcb4feb0931980bc38
SHA256

7714d31c57edc5cac50f4a089f4006f39a10ee1eb5cdceb37da21be2d7991102
SHA512

e42ad3cab9a94cac1713f5892dcae2b626c3e74f3b489f09d3f1a0cd78fdfcb404e952d94bd5599889843704cf1149505a48fdc5c6e64e55b27df2a932dcce62
SSDEEP

768:nNAGAkIo/juokwoL7627d9rIiClJAxiFkJT22euOiya6lHOYxY0x0KS3S:nNJb/HkwoLe29UjQ4wqQOLIMVnS3S

Score

10^/10

evasion persistence upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

7714d31c57edc5cac50f4a089f4006f39a10ee1eb5cdceb37da21be2d7991102.exe

Resource

win7-20240215-en

evasion persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

7714d31c57edc5cac50f4a089f4006f39a10ee1eb5cdceb37da21be2d7991102.exe

Resource

win10v2004-20240426-en

evasion persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  7714d31c57edc5cac50f4a089f4006f39a10ee1eb5cdceb37da21be2d7991102
- Size
  
  51KB
- MD5
  
  a0ab857ead3ceaa24fd8ee6c9d06eca2
- SHA1
  
  9555c6cdbd2de7f6cc8d91dcb4feb0931980bc38
- SHA256
  
  7714d31c57edc5cac50f4a089f4006f39a10ee1eb5cdceb37da21be2d7991102
- SHA512
  
  e42ad3cab9a94cac1713f5892dcae2b626c3e74f3b489f09d3f1a0cd78fdfcb404e952d94bd5599889843704cf1149505a48fdc5c6e64e55b27df2a932dcce62
- SSDEEP
  
  768:nNAGAkIo/juokwoL7627d9rIiClJAxiFkJT22euOiya6lHOYxY0x0KS3S:nNJb/HkwoLe29UjQ4wqQOLIMVnS3S
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UPX dump on OEP (original entry point)
- Drops file in Drivers directory
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy