5168a986f9710c4f47b45c8bb815d332a0aed107bd380294cf748495d72b0de1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

5

temp_0sz7n...in.exe

windows7-x64

9

temp_0sz7n...in.exe

windows10-2004-x64

9

Sharing

General

Target

temp_0sz7npj031wnvpnvg170.bin.exe
Size

6.0MB
Sample

240813-wwbk5ayeqe
MD5

ab09d7d42cea63410374cc3de8f021c1
SHA1

1766566087780f9b016ac67eaf28196f89b41731
SHA256

5168a986f9710c4f47b45c8bb815d332a0aed107bd380294cf748495d72b0de1
SHA512

686f21dcac7dc63cd072f2740f9235ab655dcb1ce4d98f0e57e380daa244680248b9a53ff94ff3af3d8016088e608530009a5a94a59ec9a34004a8503ce2d69c
SSDEEP

196608:Z3dxfH3KFhUi1h9RXWFmDpuGKN1lbdEm:Z3dRH3/i1XFWFmDpO3y

Score

9^/10

discovery evasion

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

temp_0sz7npj031wnvpnvg170.bin.exe

Resource

win7-20240704-en

discovery evasion

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

temp_0sz7npj031wnvpnvg170.bin.exe

Resource

win10v2004-20240802-en

discovery evasion

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  temp_0sz7npj031wnvpnvg170.bin.exe
- Size
  
  6.0MB
- MD5
  
  ab09d7d42cea63410374cc3de8f021c1
- SHA1
  
  1766566087780f9b016ac67eaf28196f89b41731
- SHA256
  
  5168a986f9710c4f47b45c8bb815d332a0aed107bd380294cf748495d72b0de1
- SHA512
  
  686f21dcac7dc63cd072f2740f9235ab655dcb1ce4d98f0e57e380daa244680248b9a53ff94ff3af3d8016088e608530009a5a94a59ec9a34004a8503ce2d69c
- SSDEEP
  
  196608:Z3dxfH3KFhUi1h9RXWFmDpuGKN1lbdEm:Z3dRH3/i1XFWFmDpO3y
Score

9^/10

discovery evasion
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion

© 2018-2025

Terms | Privacy