f3a22e965f778a9b4072a659166407e283688a20492feff37818f61b969efa96 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

detalle_tr...DF.exe

windows7-x64

8

detalle_tr...DF.exe

windows10-2004-x64

8

Sharing

General

Target

detalle_transferencia_2024-06-17T205732.008 0200_1765330002017577_PDF.exe
Size

583KB
Sample

240620-anbp9sydjf
MD5

b8a89704d7c7ca02539576bdfc10ca7a
SHA1

f23f9988f2db7cbab1401d5d90a00a9101c6c188
SHA256

f3a22e965f778a9b4072a659166407e283688a20492feff37818f61b969efa96
SHA512

b1d1f2df73472daba9097801501ac5bd2add87f3598235965c662eaa04ecb7730bbdf454a18ccd8c87e2be7c848195de8a383feac900b252b7819f337f4a1ed4
SSDEEP

12288:1oGrk4f6kRkGDzfQ/kBvjzowwc/Lds0lE5SaR9K/vxtUf7:1oGI4ykRkGDOSrzowje0lE9cvxu

Score

8^/10

execution

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

detalle_transferencia_2024-06-17T205732.008 0200_1765330002017577_PDF.exe

Resource

win7-20240508-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

detalle_transferencia_2024-06-17T205732.008 0200_1765330002017577_PDF.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  detalle_transferencia_2024-06-17T205732.008 0200_1765330002017577_PDF.exe
- Size
  
  583KB
- MD5
  
  b8a89704d7c7ca02539576bdfc10ca7a
- SHA1
  
  f23f9988f2db7cbab1401d5d90a00a9101c6c188
- SHA256
  
  f3a22e965f778a9b4072a659166407e283688a20492feff37818f61b969efa96
- SHA512
  
  b1d1f2df73472daba9097801501ac5bd2add87f3598235965c662eaa04ecb7730bbdf454a18ccd8c87e2be7c848195de8a383feac900b252b7819f337f4a1ed4
- SSDEEP
  
  12288:1oGrk4f6kRkGDzfQ/kBvjzowwc/Lds0lE5SaR9K/vxtUf7:1oGI4ykRkGDOSrzowje0lE9cvxu
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy