Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

LisectAVT_...57.exe

windows7-x64

10

LisectAVT_...57.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LisectAVT_2403002A_457.exe

  • Size

    7.9MB

  • Sample

    240725-azntzazfpg

  • MD5

    df7de69ab2314a758f358bbcace32f89

  • SHA1

    1b74178b6adc600bc5b6d32ef2bc5f2dc7b198cd

  • SHA256

    9e4bc06a4746f132fcaad9f28e995fb14b941f0fa3ebf2c90ddbf6d248e098cb

  • SHA512

    5f63c7644ae566cad308c4bd26931f1853cca48fc44788a5d8400d81a89e9bb5ff5876238de688dfd2c23f02c4d5bca0a02fef752dbad4b0319b31cf7b9972bf

  • SSDEEP

    196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazn4Arrk6/rL:kfauN/HYOSIT/EVF90AM6

Score
10/10
beapymimikatzdefense_evasiondiscoveryevasionminerpersistenceprivilege_escalationpyinstallerworm

Malware Config

Targets

    • Target

      LisectAVT_2403002A_457.exe

    • Size

      7.9MB

    • MD5

      df7de69ab2314a758f358bbcace32f89

    • SHA1

      1b74178b6adc600bc5b6d32ef2bc5f2dc7b198cd

    • SHA256

      9e4bc06a4746f132fcaad9f28e995fb14b941f0fa3ebf2c90ddbf6d248e098cb

    • SHA512

      5f63c7644ae566cad308c4bd26931f1853cca48fc44788a5d8400d81a89e9bb5ff5876238de688dfd2c23f02c4d5bca0a02fef752dbad4b0319b31cf7b9972bf

    • SSDEEP

      196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazn4Arrk6/rL:kfauN/HYOSIT/EVF90AM6

    Score
    10/10
    beapymimikatzdefense_evasiondiscoveryevasionminerpersistenceprivilege_escalationpyinstallerworm

    • Beapy

      Beapy is a python worm with crypto mining capabilities.

      minerwormbeapy

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • Contacts a large (9654) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • mimikatz is an open source tool to dump credentials on Windows

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Indicator Removal: Clear Persistence

      Clear artifacts associated with previously established persistence like scheduletasks on a host.

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Indicator Removal

1
T1070

Clear Persistence

1
T1070.009

Credential Access

Discovery

Domain Trust Discovery

1
T1482

Network Service Discovery

2
T1046

Permission Groups Discovery

2
T1069

Domain Groups

1
T1069.002

Local Groups

1
T1069.001

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.