564ca659417d57216722caecbfbad71cb4b781dbd19ffd4ec6722f806a9695d2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

sample.html

windows10-1703-x64

8

Sharing

General

Target

sample
Size

117KB
Sample

240825-j167dawamr
MD5

885125c068989b2285f4e35cf4fd20b4
SHA1

07284745056462db1e791745b2d8b0754eb6dd0b
SHA256

564ca659417d57216722caecbfbad71cb4b781dbd19ffd4ec6722f806a9695d2
SHA512

12a89046575499408d892b473b19fa0cffbeeebe28f95a4a3de3b6510cd21721bf6340ae29574b71e8b750d97a0b3d5b43c7d774a2e0ab3735d4c5f8e0f24037
SSDEEP

3072:bWptsFWBDJZrFR9+8KBPUenT7nIO866sgqm:bWDsFWBDJZrFR9+5PUenT7nIO8Df

Score

8^/10

discovery evasion persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win10-20240611-en

discovery evasion persistence privilege_escalation trojan

windows10-1703-x64

28 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  117KB
- MD5
  
  885125c068989b2285f4e35cf4fd20b4
- SHA1
  
  07284745056462db1e791745b2d8b0754eb6dd0b
- SHA256
  
  564ca659417d57216722caecbfbad71cb4b781dbd19ffd4ec6722f806a9695d2
- SHA512
  
  12a89046575499408d892b473b19fa0cffbeeebe28f95a4a3de3b6510cd21721bf6340ae29574b71e8b750d97a0b3d5b43c7d774a2e0ab3735d4c5f8e0f24037
- SSDEEP
  
  3072:bWptsFWBDJZrFR9+8KBPUenT7nIO866sgqm:bWDsFWBDJZrFR9+5PUenT7nIO8Df
Score

8^/10

discovery evasion persistence privilege_escalation trojan
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy