c61b5607b44767ddefc0bffe8defe80e632309d82196b335bfd7f30dd59fd165 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Megpoid_sw...et.exe

windows7-x64

7

Megpoid_sw...et.exe

windows10-2004-x64

7

Megpoid_sw...up.bin

windows7-x64

3

Megpoid_sw...up.bin

windows10-2004-x64

3

Sharing

General

Target

[eRdK] MegpoidV3_Sweet.rar
Size

157.0MB
Sample

240719-l6sbhsvhml
MD5

be77e3f6cce71a9e4988a062121fc047
SHA1

1fbb892c4fbaceb9a955dbc7017af1d682afead2
SHA256

c61b5607b44767ddefc0bffe8defe80e632309d82196b335bfd7f30dd59fd165
SHA512

d890eb4c2b349faac974128861bc737e9fa705353e3bc584871c84b8f99f79c92341de8874db81ccc02b7b750df9fcaa6167d66d15f9afa0e89eb433d3c4930a
SSDEEP

3145728:P/ki9Dn0DSbS0V2pbdDTlqH3ZLhMwdghXNQk81lfMX3:PMihaS+0VsbdHSZLh3duSVZ63

Score

7^/10

discovery upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Megpoid_sweet/Megpoid_sweet.exe

Resource

win7-20240705-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Megpoid_sweet/Megpoid_sweet.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

Megpoid_sweet/setup.bin

Resource

win7-20240704-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

Megpoid_sweet/setup.bin

Resource

win10v2004-20240709-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Megpoid_sweet/Megpoid_sweet.exe
- Size
  
  5.0MB
- MD5
  
  e7c475266cc53cde788b5bfd5eade9dd
- SHA1
  
  caff489650833e6bcb5173a3db9f61e5a046b85e
- SHA256
  
  6dfbc11d8209b76c3556333f9476672d1b63cc8626ae28b03042969c9e2d4fe7
- SHA512
  
  7d2de3da52e04dbc4f37aa4a4f1f7cca99d0a1ab3a6ea0ff957686b157c1dd92ac229228ba487155044c00b0249ed7263a5c65b23a43828a5b5d7488562429e9
- SSDEEP
  
  98304:PkSuxagH7OD8a8a6kHkEDLmYD1dmr4kAoVjna5fAt+YzW45IzXWX9h8pR4too9:fgHCD8NCkVYxdmMkAoVjnsC+YS/XWz3r
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  Megpoid_sweet/setup.bin
- Size
  
  152.1MB
- MD5
  
  c4af4bb5f1fadde8de2d36ac4d9e4d1a
- SHA1
  
  9b8b7551aa7d9697bd8a285a194762d154d91269
- SHA256
  
  5983328323db0f4d5f2a49780c599ac98a1e95c9f4da22092f63e4c86e12da5e
- SHA512
  
  281a1bb3e72000928dcd06cc1206b6689d5034c72c7632c96558171c43351659cc88dd7902b37cf288658a87049089cfd69a7cb1539593126fed48ac2bfcf2cb
- SSDEEP
  
  3145728:dki9Dn0DSbS0V2pbdDTlqH3ZLhMwdghXNQk81lfMXQ:2ihaS+0VsbdHSZLh3duSVZ6Q
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2025

Terms | Privacy