f46ca9f9ce10a5e7d09839a060ae2180439b4812abbcb9f0da952a963c5d5a92 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

f46ca9f9ce...92.exe

windows7-x64

9

f46ca9f9ce...92.exe

windows10-2004-x64

9

Sharing

General

Target

f46ca9f9ce10a5e7d09839a060ae2180439b4812abbcb9f0da952a963c5d5a92
Size

496KB
Sample

240726-ga2g4asepg
MD5

a75f4e9f42dcfdbb0142daec7d86261c
SHA1

acd55d6988f7a4cdc66eddfc782ab72c89ecffee
SHA256

f46ca9f9ce10a5e7d09839a060ae2180439b4812abbcb9f0da952a963c5d5a92
SHA512

a9e4f716acf53e8e38bf638e6bdf3e5910a0079734488dcbfa4dbf24246e75005da9e823b42b1873b3b82f6000b97cee20b10f8e59d5c678f7cbcb40fa0f8eed
SSDEEP

12288:Clzo33HHzk1uxJZCr2vxtl2uw1TVdsovFjW+1:Clzo33HHzpf8C/l299VdlFj91

Score

9^/10

discovery evasion

Static task

static1

Behavioral task

behavioral1

Sample

f46ca9f9ce10a5e7d09839a060ae2180439b4812abbcb9f0da952a963c5d5a92.exe

Resource

win7-20240705-en

discovery evasion

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f46ca9f9ce10a5e7d09839a060ae2180439b4812abbcb9f0da952a963c5d5a92.exe

Resource

win10v2004-20240709-en

discovery evasion

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  f46ca9f9ce10a5e7d09839a060ae2180439b4812abbcb9f0da952a963c5d5a92
- Size
  
  496KB
- MD5
  
  a75f4e9f42dcfdbb0142daec7d86261c
- SHA1
  
  acd55d6988f7a4cdc66eddfc782ab72c89ecffee
- SHA256
  
  f46ca9f9ce10a5e7d09839a060ae2180439b4812abbcb9f0da952a963c5d5a92
- SHA512
  
  a9e4f716acf53e8e38bf638e6bdf3e5910a0079734488dcbfa4dbf24246e75005da9e823b42b1873b3b82f6000b97cee20b10f8e59d5c678f7cbcb40fa0f8eed
- SSDEEP
  
  12288:Clzo33HHzk1uxJZCr2vxtl2uw1TVdsovFjW+1:Clzo33HHzpf8C/l299VdlFj91
Score

9^/10

discovery evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion

© 2018-2025

Terms | Privacy