658b22f3ce994ed65e4f632623072ae9fdacdabb0983d9b7a6a3c9d5834051c3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

3bcfdc70f9...0N.exe

windows7-x64

7

3bcfdc70f9...0N.exe

windows10-2004-x64

7

Sharing

General

Target

3bcfdc70f9303d442ddfc552312cd070N.exe
Size

1.1MB
Sample

240714-28c8dazake
MD5

3bcfdc70f9303d442ddfc552312cd070
SHA1

0b3a1f63f06047a9140db948f8d0090096f5c700
SHA256

658b22f3ce994ed65e4f632623072ae9fdacdabb0983d9b7a6a3c9d5834051c3
SHA512

08c2586307facf761915dd8b3dd673692dee66b952e04d0b9a2694cc94817067af7ee966ae57e4d1355f3bfac2c66fec2d815e261b424d44d811f1dbbfb706ee
SSDEEP

24576:7rNz/a/L2kPIiNkeuuqaYBBLi7PpwmOQQbZETDQTm+EA7vrer:/5/CL2hauuq3HcJHnTDQ97s

Score

7^/10

persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3bcfdc70f9303d442ddfc552312cd070N.exe

Resource

win7-20240704-en

persistence spyware stealer upx

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

3bcfdc70f9303d442ddfc552312cd070N.exe

Resource

win10v2004-20240709-en

persistence spyware stealer upx

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  3bcfdc70f9303d442ddfc552312cd070N.exe
- Size
  
  1.1MB
- MD5
  
  3bcfdc70f9303d442ddfc552312cd070
- SHA1
  
  0b3a1f63f06047a9140db948f8d0090096f5c700
- SHA256
  
  658b22f3ce994ed65e4f632623072ae9fdacdabb0983d9b7a6a3c9d5834051c3
- SHA512
  
  08c2586307facf761915dd8b3dd673692dee66b952e04d0b9a2694cc94817067af7ee966ae57e4d1355f3bfac2c66fec2d815e261b424d44d811f1dbbfb706ee
- SSDEEP
  
  24576:7rNz/a/L2kPIiNkeuuqaYBBLi7PpwmOQQbZETDQTm+EA7vrer:/5/CL2hauuq3HcJHnTDQ97s
Score

7^/10

persistence spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2

persistencespywarestealerupx

© 2018-2025

Terms | Privacy