8ba707a469375950af9c99ea7002073c249e6590b5f6b1e00bd57513bf91bdbb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

TEST.exe

windows10-2004-x64

Sharing

General

Target

TEST.exe
Size

923KB
Sample

240610-whz2kavgmm
MD5

d057b17b2d07a9bf556180a6246c2fdc
SHA1

c33aebf5bee8ba6624ab825c5def329d7cb1fe53
SHA256

8ba707a469375950af9c99ea7002073c249e6590b5f6b1e00bd57513bf91bdbb
SHA512

bf359ca5d52b52fb19a11053066fb836aa4f2cbfd66c728ab94d89d4d066ff21c320a9bdfa96343394fb11a2edc68b3bdf64072bc3cc07fd0ca78d94a87f5ca4
SSDEEP

12288:uyXnShmoqyGN9QF4Px3nNQLyNOGYmvOgeEFVPNpHChN6zGZu0uQlVgaPg5xxXRna:56NGTbJKLwemPTVpHCSbwaT1rXH

Score

10^/10

evasion execution ransomware trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TEST.exe

Resource

win10v2004-20240426-en

evasion execution ransomware trojan upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  TEST.exe
- Size
  
  923KB
- MD5
  
  d057b17b2d07a9bf556180a6246c2fdc
- SHA1
  
  c33aebf5bee8ba6624ab825c5def329d7cb1fe53
- SHA256
  
  8ba707a469375950af9c99ea7002073c249e6590b5f6b1e00bd57513bf91bdbb
- SHA512
  
  bf359ca5d52b52fb19a11053066fb836aa4f2cbfd66c728ab94d89d4d066ff21c320a9bdfa96343394fb11a2edc68b3bdf64072bc3cc07fd0ca78d94a87f5ca4
- SSDEEP
  
  12288:uyXnShmoqyGN9QF4Px3nNQLyNOGYmvOgeEFVPNpHChN6zGZu0uQlVgaPg5xxXRna:56NGTbJKLwemPTVpHCSbwaT1rXH
Score

10^/10

evasion execution ransomware trojan upx
- UAC bypass
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Disables Task Manager via registry modification
  evasion
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Service Stop

Tasks

static1

behavioral1

evasionexecutionransomwaretrojanupx

© 2018-2025

Terms | Privacy