8c204424ac62ff49d98d90f1e86867e022da5ca6466d58dc079eb93e06948379 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

8fd6362231...0N.exe

windows7-x64

7

8fd6362231...0N.exe

windows10-2004-x64

7

Sharing

General

Target

8fd63622315516d3833bcc44b7ebc090N
Size

59KB
Sample

240908-e69r8swhqq
MD5

8fd63622315516d3833bcc44b7ebc090
SHA1

22222b28ad2514507fd74f258a1e94671bad17db
SHA256

8c204424ac62ff49d98d90f1e86867e022da5ca6466d58dc079eb93e06948379
SHA512

69897308f096d8766d588fc86fd5355f2a5fc35e4a675bbb4914cf3b3ebfabc4cf2209b0c798b31cd7a8ab0742168faa91b2843c56d84fc81187d9e51bcc691c
SSDEEP

1536:3+ZgwRdiE8cO4p1xRjfTvSq5r3ZiIZ4nouy8uh1aQJ:OeodiUO4p13b9HiIeoutuh1aQJ

Score

7^/10

defense_evasion discovery persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8fd63622315516d3833bcc44b7ebc090N.exe

Resource

win7-20240903-en

defense_evasion discovery persistence upx

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

8fd63622315516d3833bcc44b7ebc090N.exe

Resource

win10v2004-20240802-en

defense_evasion discovery persistence upx

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  8fd63622315516d3833bcc44b7ebc090N
- Size
  
  59KB
- MD5
  
  8fd63622315516d3833bcc44b7ebc090
- SHA1
  
  22222b28ad2514507fd74f258a1e94671bad17db
- SHA256
  
  8c204424ac62ff49d98d90f1e86867e022da5ca6466d58dc079eb93e06948379
- SHA512
  
  69897308f096d8766d588fc86fd5355f2a5fc35e4a675bbb4914cf3b3ebfabc4cf2209b0c798b31cd7a8ab0742168faa91b2843c56d84fc81187d9e51bcc691c
- SSDEEP
  
  1536:3+ZgwRdiE8cO4p1xRjfTvSq5r3ZiIZ4nouy8uh1aQJ:OeodiUO4p13b9HiIeoutuh1aQJ
Score

7^/10

defense_evasion discovery persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceupx

behavioral2

defense_evasiondiscoverypersistenceupx

© 2018-2025

Terms | Privacy