e1a1965f7aa0252f250125fa83740406d96ffa6e4825e20106b996678cc1263d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

e1a1965f7a...dN.exe

windows7-x64

e1a1965f7a...dN.exe

windows10-2004-x64

Sharing

General

Target

e1a1965f7aa0252f250125fa83740406d96ffa6e4825e20106b996678cc1263dN
Size

582KB
Sample

241003-feznmaygle
MD5

6fc610a744521995dfcd5817591865b0
SHA1

731f90c3839a0badc652f8c230622d7b1e3aa8d4
SHA256

e1a1965f7aa0252f250125fa83740406d96ffa6e4825e20106b996678cc1263d
SHA512

94044da6af713ae4b5d054b1c58476c4bd7d33e3a4e79e0d499088e0efd3789f034575d30f2ae4a33c9e55689069f782828e0a6a4d751f45fccae38352168936
SSDEEP

12288:PFUNDanzcn7EanlQiWtYhmJFSwUBLcQZfgiU:PFOazcn7NlwPUA

Score

10^/10

discovery evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e1a1965f7aa0252f250125fa83740406d96ffa6e4825e20106b996678cc1263dN.exe

Resource

win7-20240903-en

discovery evasion persistence trojan upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

e1a1965f7aa0252f250125fa83740406d96ffa6e4825e20106b996678cc1263dN.exe

Resource

win10v2004-20240802-en

discovery evasion persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  e1a1965f7aa0252f250125fa83740406d96ffa6e4825e20106b996678cc1263dN
- Size
  
  582KB
- MD5
  
  6fc610a744521995dfcd5817591865b0
- SHA1
  
  731f90c3839a0badc652f8c230622d7b1e3aa8d4
- SHA256
  
  e1a1965f7aa0252f250125fa83740406d96ffa6e4825e20106b996678cc1263d
- SHA512
  
  94044da6af713ae4b5d054b1c58476c4bd7d33e3a4e79e0d499088e0efd3789f034575d30f2ae4a33c9e55689069f782828e0a6a4d751f45fccae38352168936
- SSDEEP
  
  12288:PFUNDanzcn7EanlQiWtYhmJFSwUBLcQZfgiU:PFOazcn7NlwPUA
Score

10^/10

discovery evasion persistence trojan upx
- Modifies security service
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojanupx

behavioral2

discoveryevasionpersistenceupx

© 2018-2025

Terms | Privacy