f7d780b18d0fefff78a359cc0645781266ac302e4509a07476b92d7fdf49fe6b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

ID to TOKEN.py

windows11-21h2-x64

8

Resubmissions

19/07/2024, 11:21

240719-nggjts1hpc 6

19/07/2024, 11:06

240719-m7vnps1emb 8

Sharing

General

Target

ID to TOKEN.py
Size

5KB
Sample

240719-m7vnps1emb
MD5

391d0c0c2c22540e9a631a180a739722
SHA1

81848c775bd8d4efa3f75a34caa73184813d0276
SHA256

f7d780b18d0fefff78a359cc0645781266ac302e4509a07476b92d7fdf49fe6b
SHA512

15c39ef25cb7d1a3949e5b028ff66408386b0aaed4034af5a9181d77f5461369a6c87e066c3bc64affb8cc875ff947774fcc79bf8795e21e296e259dbfa05c50
SSDEEP

96:rMkv2VuawZBLIBfI3p8DpvlRXdFVrepZq2MDlwH2i:Z2Vuaw3LIBfI58nRzVr12elwH2i

Score

8^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

ID to TOKEN.py

Resource

win11-20240709-en

discovery persistence privilege_escalation

windows11-21h2-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  ID to TOKEN.py
- Size
  
  5KB
- MD5
  
  391d0c0c2c22540e9a631a180a739722
- SHA1
  
  81848c775bd8d4efa3f75a34caa73184813d0276
- SHA256
  
  f7d780b18d0fefff78a359cc0645781266ac302e4509a07476b92d7fdf49fe6b
- SHA512
  
  15c39ef25cb7d1a3949e5b028ff66408386b0aaed4034af5a9181d77f5461369a6c87e066c3bc64affb8cc875ff947774fcc79bf8795e21e296e259dbfa05c50
- SSDEEP
  
  96:rMkv2VuawZBLIBfI3p8DpvlRXdFVrepZq2MDlwH2i:Z2Vuaw3LIBfI58nRzVr12elwH2i
Score

8^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy