26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd | Triage

Submit
Reports

Overview

overview

9

Static

static

3

7z2301-x64.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

7z2301-x64.exe
Size

1.5MB
Sample

240809-xmlkeayanh
MD5

e5788b13546156281bf0a4b38bdd0901
SHA1

7df28d340d7084647921cc25a8c2068bb192bdbb
SHA256

26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd
SHA512

1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff
SSDEEP

49152:RoOF3Wh8esAMmyyImtH97VTjrtlEfmSX4b:RoYWh8JAV/VH97F3tlQ+b

Score

9^/10

discovery evasion persistence privilege_escalation

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7z2301-x64.exe

Resource

win10v2004-20240802-en

discovery evasion persistence privilege_escalation

windows10-2004-x64

23 signatures

600 seconds

Malware Config

Targets

- Target
  
  7z2301-x64.exe
- Size
  
  1.5MB
- MD5
  
  e5788b13546156281bf0a4b38bdd0901
- SHA1
  
  7df28d340d7084647921cc25a8c2068bb192bdbb
- SHA256
  
  26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd
- SHA512
  
  1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff
- SSDEEP
  
  49152:RoOF3Wh8esAMmyyImtH97VTjrtlEfmSX4b:RoYWh8JAV/VH97F3tlQ+b
Score

9^/10

discovery evasion persistence privilege_escalation
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

© 2018-2025

Terms | Privacy