2e08fe695a58e1430e7425bfc093df2e723f3a3f982d585584ce198c646ebe89 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2e08fe695a...9N.exe

windows7-x64

8

2e08fe695a...9N.exe

windows10-2004-x64

8

Sharing

General

Target

2e08fe695a58e1430e7425bfc093df2e723f3a3f982d585584ce198c646ebe89N
Size

70KB
Sample

240921-j7ncvasgqn
MD5

0f42ebc2d3d4ffb179abb3101cb8b8c0
SHA1

a8893cde6977ffce74282bfcb76e8a666d54c8a9
SHA256

2e08fe695a58e1430e7425bfc093df2e723f3a3f982d585584ce198c646ebe89
SHA512

e4264bf273dbed238000ef446aaf3d40ba9348d2f23fc0b8783821bf0bbfa099ccf34173433b0f46823cd01952e697148a0fe52aa989e9cf10020f63ebdd3c4e
SSDEEP

768:urItKyw5WHXfQmjIiIk9ecAaHSHMb96FyXRDLdXDffff3lkkkmp:ur3Z5IfQmv81ayo2yXpZXX

Score

8^/10

defense_evasion discovery evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2e08fe695a58e1430e7425bfc093df2e723f3a3f982d585584ce198c646ebe89N.exe

Resource

win7-20240903-en

defense_evasion discovery evasion

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

2e08fe695a58e1430e7425bfc093df2e723f3a3f982d585584ce198c646ebe89N.exe

Resource

win10v2004-20240802-en

defense_evasion discovery evasion

windows10-2004-x64

10 signatures

120 seconds

Malware Config

Targets

- Target
  
  2e08fe695a58e1430e7425bfc093df2e723f3a3f982d585584ce198c646ebe89N
- Size
  
  70KB
- MD5
  
  0f42ebc2d3d4ffb179abb3101cb8b8c0
- SHA1
  
  a8893cde6977ffce74282bfcb76e8a666d54c8a9
- SHA256
  
  2e08fe695a58e1430e7425bfc093df2e723f3a3f982d585584ce198c646ebe89
- SHA512
  
  e4264bf273dbed238000ef446aaf3d40ba9348d2f23fc0b8783821bf0bbfa099ccf34173433b0f46823cd01952e697148a0fe52aa989e9cf10020f63ebdd3c4e
- SSDEEP
  
  768:urItKyw5WHXfQmjIiIk9ecAaHSHMb96FyXRDLdXDffff3lkkkmp:ur3Z5IfQmv81ayo2yXpZXX
Score

8^/10

defense_evasion discovery evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasion

behavioral2

defense_evasiondiscoveryevasion

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.