0ce9a490c10e426b0d442480d75d3327967a063daf0b2a409671d8c239d2db43 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

windinject.exe

windows10-2004-x64

Sharing

General

Target

windinject.exe
Size

1.3MB
Sample

240818-s99hja1dle
MD5

084186408c3a3c3cbce4239b8d979cd9
SHA1

a918568f552d4245d47482dd80494623e267b987
SHA256

0ce9a490c10e426b0d442480d75d3327967a063daf0b2a409671d8c239d2db43
SHA512

03e0adcfd58e1482885cec3e7256570778f725a0e72d2553634cbb514e9591fabeebfa700ea610d84e295fa57506696a26273f46cd44f085d38b1c114ce12ca1
SSDEEP

24576:cY3tjSqaCv8laDZ1fOnYKqZlypz2a0jZAqM/9wnaDIjCcccemf4yP4LLVjOxIR:1dlawnaDIjImf4Fq

Score

8^/10

bootkit discovery motw persistence phishing upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

windinject.exe

Resource

win10v2004-20240802-en

bootkit discovery motw persistence phishing upx

windows10-2004-x64

28 signatures

1800 seconds

Malware Config

Targets

- Target
  
  windinject.exe
- Size
  
  1.3MB
- MD5
  
  084186408c3a3c3cbce4239b8d979cd9
- SHA1
  
  a918568f552d4245d47482dd80494623e267b987
- SHA256
  
  0ce9a490c10e426b0d442480d75d3327967a063daf0b2a409671d8c239d2db43
- SHA512
  
  03e0adcfd58e1482885cec3e7256570778f725a0e72d2553634cbb514e9591fabeebfa700ea610d84e295fa57506696a26273f46cd44f085d38b1c114ce12ca1
- SSDEEP
  
  24576:cY3tjSqaCv8laDZ1fOnYKqZlypz2a0jZAqM/9wnaDIjCcccemf4yP4LLVjOxIR:1dlawnaDIjImf4Fq
Score

8^/10

bootkit discovery motw persistence phishing upx
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverymotwpersistencephishingupx

© 2018-2025

Terms | Privacy