6fda5bd63e6647c70c7f420b4145898cada9e1a8bff4fca7f6a5859b648d217c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

www.DeadSe...or.exe

windows10-1703-x64

Sharing

General

Target

www.DeadSec0000000000-obfusecator.exe
Size

164KB
Sample

240805-wqsmfsteml
MD5

22d120454dd38d7f1a3f1cd0eb497f95
SHA1

4c11a082bf8e64b21310b959821a9f7324aa8107
SHA256

6fda5bd63e6647c70c7f420b4145898cada9e1a8bff4fca7f6a5859b648d217c
SHA512

1552101b7a22082eb69fe3485c53f595055bfc6db01ed14d4abc6f9cb9793e8ca3bc2f2448741fd8b4616f735c9f4f2e0299dc938d264103107fccbe68dc39a9
SSDEEP

3072:2QpshPjBCk79JFsCN5dbTA4ZbenYm7MHdcytrkueBuG1/dhRAJiYr:2QpshPjBCuJH5d3fZbeT4KueBu4jRsr

Score

10^/10

defense_evasion discovery execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

www.DeadSec0000000000-obfusecator.exe

Resource

win10-20240404-en

defense_evasion discovery execution

windows10-1703-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  www.DeadSec0000000000-obfusecator.exe
- Size
  
  164KB
- MD5
  
  22d120454dd38d7f1a3f1cd0eb497f95
- SHA1
  
  4c11a082bf8e64b21310b959821a9f7324aa8107
- SHA256
  
  6fda5bd63e6647c70c7f420b4145898cada9e1a8bff4fca7f6a5859b648d217c
- SHA512
  
  1552101b7a22082eb69fe3485c53f595055bfc6db01ed14d4abc6f9cb9793e8ca3bc2f2448741fd8b4616f735c9f4f2e0299dc938d264103107fccbe68dc39a9
- SSDEEP
  
  3072:2QpshPjBCk79JFsCN5dbTA4ZbenYm7MHdcytrkueBuG1/dhRAJiYr:2QpshPjBCuJH5d3fZbeT4KueBu4jRsr
Score

10^/10

defense_evasion discovery execution
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Clear Windows Event Logs

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecution

© 2018-2025

Terms | Privacy