fac325a36b8101e393be47f2ccd976faec2355792e3b7e8ac032de1400abfd17 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

fac325a36b...17.exe

windows7-x64

8

fac325a36b...17.exe

windows10-2004-x64

8

Sharing

General

Target

fac325a36b8101e393be47f2ccd976faec2355792e3b7e8ac032de1400abfd17
Size

15.1MB
Sample

240907-jfqnwssdpr
MD5

0154ec0366d40a5e7e63bd0ecd0c30e2
SHA1

618c8ed461d519d63da1e36dc087653754384acb
SHA256

fac325a36b8101e393be47f2ccd976faec2355792e3b7e8ac032de1400abfd17
SHA512

c4375a8712b85f3f52ddb5d7955e97948552dd1117f372a66704dd5eae89957cd4f7363f47d9d33d9996f4f3c3b68c2c47f676e852a30f0d75b2687889f4f51a
SSDEEP

393216:5vNE5rsfmsABGYgCWGrNfYpimTdSkAVHge5iNhZym36tQM:RK5rs+s+gCJYpFd2ge5iNhBLM

Score

8^/10

discovery evasion persistence privilege_escalation vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fac325a36b8101e393be47f2ccd976faec2355792e3b7e8ac032de1400abfd17.exe

Resource

win7-20240704-en

discovery evasion persistence privilege_escalation vmprotect

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

fac325a36b8101e393be47f2ccd976faec2355792e3b7e8ac032de1400abfd17.exe

Resource

win10v2004-20240802-en

discovery evasion persistence privilege_escalation vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  fac325a36b8101e393be47f2ccd976faec2355792e3b7e8ac032de1400abfd17
- Size
  
  15.1MB
- MD5
  
  0154ec0366d40a5e7e63bd0ecd0c30e2
- SHA1
  
  618c8ed461d519d63da1e36dc087653754384acb
- SHA256
  
  fac325a36b8101e393be47f2ccd976faec2355792e3b7e8ac032de1400abfd17
- SHA512
  
  c4375a8712b85f3f52ddb5d7955e97948552dd1117f372a66704dd5eae89957cd4f7363f47d9d33d9996f4f3c3b68c2c47f676e852a30f0d75b2687889f4f51a
- SSDEEP
  
  393216:5vNE5rsfmsABGYgCWGrNfYpimTdSkAVHge5iNhZym36tQM:RK5rs+s+gCJYpFd2ge5iNhBLM
Score

8^/10

discovery evasion persistence privilege_escalation vmprotect
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalationvmprotect

behavioral2

discoveryevasionpersistenceprivilege_escalationvmprotect

© 2018-2025

Terms | Privacy