737dbc28f25d830dfb1f315d51266eb823c65ee1392260f48c6288c41fd86e65 | Triage

Submit
Reports

Overview

overview

Static

static

737dbc28f2...65.exe

windows7-x64

737dbc28f2...65.exe

windows10-2004-x64

Sharing

General

Target

737dbc28f25d830dfb1f315d51266eb823c65ee1392260f48c6288c41fd86e65
Size

124KB
Sample

240606-a5fqjsda71
MD5

bcefedccbe69abf705c40dbbc596a702
SHA1

438591b71b3bda92490a849a9efe37be6fae4079
SHA256

737dbc28f25d830dfb1f315d51266eb823c65ee1392260f48c6288c41fd86e65
SHA512

c42db07376dd32455778a4716c9c1519d52872527d9db36a9cc5cebc2bcdb98313a5ce5656d61b7e895e9d670c96e0b45c82a2188f3bb4e2934278b60a2cac51
SSDEEP

1536:MjmMW0owZMnS1wjkHWrHUdPSGAq1O5LWnouy8m:MFW0VqSmI2jUKmOtmout

Score

10^/10

evasion persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

737dbc28f25d830dfb1f315d51266eb823c65ee1392260f48c6288c41fd86e65.exe

Resource

win7-20240419-en

evasion persistence trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

737dbc28f25d830dfb1f315d51266eb823c65ee1392260f48c6288c41fd86e65.exe

Resource

win10v2004-20240426-en

evasion persistence trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  737dbc28f25d830dfb1f315d51266eb823c65ee1392260f48c6288c41fd86e65
- Size
  
  124KB
- MD5
  
  bcefedccbe69abf705c40dbbc596a702
- SHA1
  
  438591b71b3bda92490a849a9efe37be6fae4079
- SHA256
  
  737dbc28f25d830dfb1f315d51266eb823c65ee1392260f48c6288c41fd86e65
- SHA512
  
  c42db07376dd32455778a4716c9c1519d52872527d9db36a9cc5cebc2bcdb98313a5ce5656d61b7e895e9d670c96e0b45c82a2188f3bb4e2934278b60a2cac51
- SSDEEP
  
  1536:MjmMW0owZMnS1wjkHWrHUdPSGAq1O5LWnouy8m:MFW0VqSmI2jUKmOtmout
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- UPX dump on OEP (original entry point)
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy