1c0cfd2df682cd04b36c2f800d26885cddb2584e2f9ccfa524b5361d7da5e1f0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Setup_Acco...er.exe

windows7-x64

7

Setup_Acco...er.exe

windows10-2004-x64

7

Sharing

General

Target

Setup_AccountManager.exe
Size

356.5MB
Sample

240906-q3ba2szfmb
MD5

ee89d9c23cbd9e3d95186b63036590ba
SHA1

0c6e60760615292071992df7e1798857ea543de3
SHA256

1c0cfd2df682cd04b36c2f800d26885cddb2584e2f9ccfa524b5361d7da5e1f0
SHA512

2c7fee89a07e45610d4130741325890adb21d55d521670af88e4adb7cfd3ca0b4fa4de5ae61de348b3538815146c673abecaf88e8d20f0128fbd5df672280823
SSDEEP

6291456:kNMAmoa+1xzdLEv/440fyFnyEZ6tZF/sGuNJzO1eNaLtA22s1V1WbauWsrxc1:sNmopxzdLEYrKn+PF/AJzO1JLUgV1gWX

Score

7^/10

discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup_AccountManager.exe

Resource

win7-20240903-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup_AccountManager.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Setup_AccountManager.exe
- Size
  
  356.5MB
- MD5
  
  ee89d9c23cbd9e3d95186b63036590ba
- SHA1
  
  0c6e60760615292071992df7e1798857ea543de3
- SHA256
  
  1c0cfd2df682cd04b36c2f800d26885cddb2584e2f9ccfa524b5361d7da5e1f0
- SHA512
  
  2c7fee89a07e45610d4130741325890adb21d55d521670af88e4adb7cfd3ca0b4fa4de5ae61de348b3538815146c673abecaf88e8d20f0128fbd5df672280823
- SSDEEP
  
  6291456:kNMAmoa+1xzdLEv/440fyFnyEZ6tZF/sGuNJzO1eNaLtA22s1V1WbauWsrxc1:sNmopxzdLEYrKn+PF/AJzO1JLUgV1gWX
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Password Policy Discovery
  Attempt to access detailed information about the password policy used within an enterprise network.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Password Policy Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy