8718db6db75b3d30c76dbe0e15dede1702ec0c70bac6951116760716379bf694 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

8718db6db7...94.exe

windows7-x64

7

8718db6db7...94.exe

windows10-2004-x64

7

Sharing

General

Target

8718db6db75b3d30c76dbe0e15dede1702ec0c70bac6951116760716379bf694
Size

135KB
Sample

240723-3xpygawbrl
MD5

234c42cd600b79f965922e16c5abb110
SHA1

93eaecfe145d6b7d3ec1e93bee606d1f40dd953f
SHA256

8718db6db75b3d30c76dbe0e15dede1702ec0c70bac6951116760716379bf694
SHA512

51e648032c49349c80e031e6b533bafad42a6587603e31bc102e466c9d7e2030fcfb5252e20b2c5a5620f5e49240a06fdf0c3cace9b4842b2552c8964197d6f3
SSDEEP

1536:YGYU/W2/HG6QMauSV3ixJHABLrmhH7i9eNOOg00GqMIK7aGZh3SOjq:YfU/WF6QMauSuiWNi9eNOl0007NZIOjq

Score

7^/10

defense_evasion discovery persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8718db6db75b3d30c76dbe0e15dede1702ec0c70bac6951116760716379bf694.exe

Resource

win7-20240704-en

defense_evasion discovery persistence upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8718db6db75b3d30c76dbe0e15dede1702ec0c70bac6951116760716379bf694.exe

Resource

win10v2004-20240709-en

defense_evasion discovery persistence upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  8718db6db75b3d30c76dbe0e15dede1702ec0c70bac6951116760716379bf694
- Size
  
  135KB
- MD5
  
  234c42cd600b79f965922e16c5abb110
- SHA1
  
  93eaecfe145d6b7d3ec1e93bee606d1f40dd953f
- SHA256
  
  8718db6db75b3d30c76dbe0e15dede1702ec0c70bac6951116760716379bf694
- SHA512
  
  51e648032c49349c80e031e6b533bafad42a6587603e31bc102e466c9d7e2030fcfb5252e20b2c5a5620f5e49240a06fdf0c3cace9b4842b2552c8964197d6f3
- SSDEEP
  
  1536:YGYU/W2/HG6QMauSV3ixJHABLrmhH7i9eNOOg00GqMIK7aGZh3SOjq:YfU/WF6QMauSuiWNi9eNOl0007NZIOjq
Score

7^/10

defense_evasion discovery persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceupx

behavioral2

defense_evasiondiscoverypersistenceupx

© 2018-2025

Terms | Privacy