8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

8d0ebca00f...f7.exe

windows7-x64

8

8d0ebca00f...f7.exe

windows10-2004-x64

8

Sharing

General

Target

8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7
Size

10.0MB
Sample

240809-jm3l2axhqq
MD5

4b73f53d55a36d518162fc139c2893c2
SHA1

6262f740dd1ce1bf2db221631aa03885cb1cdb19
SHA256

8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7
SHA512

e6a49b9ef265530e85ee7d2e632711ae312daaccf3d162baba80d46f824bd75d1872e0880a2192aae3449e4551924974a560c93dbd233693497bfceef3b59fa9
SSDEEP

196608:pNXzAJV7gJUmDuwANtUA+NVRDPImrRz2k/IRrhBSEp3h2WfXAL2bBsj+E:TX7xyXp+NVmmrRSk/erSEpRVfwLAeSE

Score

8^/10

bootkit discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7.exe

Resource

win7-20240708-en

bootkit discovery persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7.exe

Resource

win10v2004-20240802-en

bootkit discovery persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7
- Size
  
  10.0MB
- MD5
  
  4b73f53d55a36d518162fc139c2893c2
- SHA1
  
  6262f740dd1ce1bf2db221631aa03885cb1cdb19
- SHA256
  
  8d0ebca00f39061708a25e87d131d0a1a414b604994c48cf0aa2c44ebe5937f7
- SHA512
  
  e6a49b9ef265530e85ee7d2e632711ae312daaccf3d162baba80d46f824bd75d1872e0880a2192aae3449e4551924974a560c93dbd233693497bfceef3b59fa9
- SSDEEP
  
  196608:pNXzAJV7gJUmDuwANtUA+NVRDPImrRz2k/IRrhBSEp3h2WfXAL2bBsj+E:TX7xyXp+NVmmrRSk/erSEpRVfwLAeSE
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

© 2018-2025

Terms | Privacy