Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2f03458ad6...0N.exe

windows7-x64

10

2f03458ad6...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f03458ad6b6605141feb293efeaf330N.exe

  • Size

    6.6MB

  • Sample

    240806-3zj51aybjh

  • MD5

    2f03458ad6b6605141feb293efeaf330

  • SHA1

    9aa3cd08e9eace91b6d7b795ad917eab5b8fcb51

  • SHA256

    e7559c31d3149d7156a14ffc2b285fd85fa4a39a3e26e9d790ef8f15bb9fba66

  • SHA512

    5bbc7ea89400798f5409e631c5edcf88e827824aea167a4e495f3d8f619cd24f4f88264b9b135c3c3036659f60513b1542db66063a79d337dc052f3866b3037d

  • SSDEEP

    196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazA:kfauN/HYOSIT/EVF98

Score
10/10
beapymimikatzdefense_evasiondiscoveryevasionminerpersistenceprivilege_escalationpyinstallerworm

Malware Config

Targets

    • Target

      2f03458ad6b6605141feb293efeaf330N.exe

    • Size

      6.6MB

    • MD5

      2f03458ad6b6605141feb293efeaf330

    • SHA1

      9aa3cd08e9eace91b6d7b795ad917eab5b8fcb51

    • SHA256

      e7559c31d3149d7156a14ffc2b285fd85fa4a39a3e26e9d790ef8f15bb9fba66

    • SHA512

      5bbc7ea89400798f5409e631c5edcf88e827824aea167a4e495f3d8f619cd24f4f88264b9b135c3c3036659f60513b1542db66063a79d337dc052f3866b3037d

    • SSDEEP

      196608:eAqjTpnhXlmyWCZNulPKQ8hY/Bkr/fOIT/+VdlBFKazA:kfauN/HYOSIT/EVF98

    Score
    10/10
    beapymimikatzdefense_evasiondiscoveryevasionminerpersistenceprivilege_escalationpyinstallerworm

    • Beapy

      Beapy is a python worm with crypto mining capabilities.

      minerwormbeapy

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • Contacts a large (5844) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • mimikatz is an open source tool to dump credentials on Windows

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Indicator Removal: Clear Persistence

      Clear artifacts associated with previously established persistence like scheduletasks on a host.

      defense_evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Account Manipulation

1
T1098

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Indicator Removal

1
T1070

Clear Persistence

1
T1070.009

Credential Access

Discovery

Domain Trust Discovery

1
T1482

Network Service Discovery

2
T1046

Permission Groups Discovery

2
T1069

Domain Groups

1
T1069.002

Local Groups

1
T1069.001

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.