61f4f71e5068eb7671a980cb889454d12a4dbd8155d6818e09d00208cfda3c4f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

61f4f71e50...4f.exe

windows7-x64

7

61f4f71e50...4f.exe

windows10-2004-x64

7

Sharing

General

Target

61f4f71e5068eb7671a980cb889454d12a4dbd8155d6818e09d00208cfda3c4f
Size

115KB
Sample

240915-cvwp5a1cpf
MD5

095835b9cd6ddea49a82b6766063fdf3
SHA1

a718d729e32829d8b47c7f73f85112987bc3ac51
SHA256

61f4f71e5068eb7671a980cb889454d12a4dbd8155d6818e09d00208cfda3c4f
SHA512

39a1cde419d315b72267c7917489ecaa7c5847bfc605b175aa9988f23438ee4f96b89ef435585751f7451ae696e0f5b00b7d7d841641ca744850f3e032e4702e
SSDEEP

3072:pPJkuJVL2Q2xgs35efEOD8KxLQgSdJO3Wn:MuJmNV43Wn

Score

7^/10

discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

61f4f71e5068eb7671a980cb889454d12a4dbd8155d6818e09d00208cfda3c4f.exe

Resource

win7-20240903-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

61f4f71e5068eb7671a980cb889454d12a4dbd8155d6818e09d00208cfda3c4f.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  61f4f71e5068eb7671a980cb889454d12a4dbd8155d6818e09d00208cfda3c4f
- Size
  
  115KB
- MD5
  
  095835b9cd6ddea49a82b6766063fdf3
- SHA1
  
  a718d729e32829d8b47c7f73f85112987bc3ac51
- SHA256
  
  61f4f71e5068eb7671a980cb889454d12a4dbd8155d6818e09d00208cfda3c4f
- SHA512
  
  39a1cde419d315b72267c7917489ecaa7c5847bfc605b175aa9988f23438ee4f96b89ef435585751f7451ae696e0f5b00b7d7d841641ca744850f3e032e4702e
- SSDEEP
  
  3072:pPJkuJVL2Q2xgs35efEOD8KxLQgSdJO3Wn:MuJmNV43Wn
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy