4b0b7c548371697f703817d57300d421297fe771a8d900111f41f7cfb7eb5096 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

4b0b7c5483...96.exe

windows7-x64

8

4b0b7c5483...96.exe

windows10-2004-x64

8

Sharing

General

Target

4b0b7c548371697f703817d57300d421297fe771a8d900111f41f7cfb7eb5096
Size

201KB
Sample

240913-h1hcks1amj
MD5

0d653f6ed17965f1062dc7ccbaee7f42
SHA1

efa31100972404aba01b6feff3043667b2e20c57
SHA256

4b0b7c548371697f703817d57300d421297fe771a8d900111f41f7cfb7eb5096
SHA512

96bb805bba3b67135bc4f5eb41444581881c313b4aec314bf4eb9a0c6f7677786737991f432ed9134f5dc999d20d59d4fe3941b364af0e01e04f19f927524fce
SSDEEP

3072:a74MyJjjlLzVjN50BdQqlYgp72xzbuawaGO0OJw8KWs6IgVLE7QkfIA:awj30dlZ+GVaRVLE7QkfI

Score

8^/10

bootkit discovery persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4b0b7c548371697f703817d57300d421297fe771a8d900111f41f7cfb7eb5096.exe

Resource

win7-20240903-en

bootkit discovery persistence spyware stealer upx

windows7-x64

17 signatures

60 seconds

Behavioral task

behavioral2

Sample

4b0b7c548371697f703817d57300d421297fe771a8d900111f41f7cfb7eb5096.exe

Resource

win10v2004-20240802-en

bootkit discovery persistence spyware stealer upx

windows10-2004-x64

18 signatures

60 seconds

Malware Config

Targets

- Target
  
  4b0b7c548371697f703817d57300d421297fe771a8d900111f41f7cfb7eb5096
- Size
  
  201KB
- MD5
  
  0d653f6ed17965f1062dc7ccbaee7f42
- SHA1
  
  efa31100972404aba01b6feff3043667b2e20c57
- SHA256
  
  4b0b7c548371697f703817d57300d421297fe771a8d900111f41f7cfb7eb5096
- SHA512
  
  96bb805bba3b67135bc4f5eb41444581881c313b4aec314bf4eb9a0c6f7677786737991f432ed9134f5dc999d20d59d4fe3941b364af0e01e04f19f927524fce
- SSDEEP
  
  3072:a74MyJjjlLzVjN50BdQqlYgp72xzbuawaGO0OJw8KWs6IgVLE7QkfIA:awj30dlZ+GVaRVLE7QkfI
Score

8^/10

bootkit discovery persistence spyware stealer upx
- Blocklisted process makes network request
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencespywarestealerupx

behavioral2

bootkitdiscoverypersistencespywarestealerupx

© 2018-2025

Terms | Privacy