6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

EpicInstal....1.msi

windows7-x64

8

EpicInstal....1.msi

windows10-2004-x64

8

Resubmissions

05/10/2024, 18:48

241005-xf36wayhmn 8

Sharing

General

Target

EpicInstaller-15.17.1.msi
Size

176.5MB
Sample

241005-xf36wayhmn
MD5

7a2cf04ac0c504a8ea5aed805dde484d
SHA1

0536d7a178d1a42cea1476ea6b44bc53ed26bc63
SHA256

6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9
SHA512

42aeed1d015ab279df3065e04adff8001672a13180f4d73121ace3bc8989783f12c7a5d0b50c684c74fd138fc1b4f451439acd7b6342d4f60c7d3a18034e0988
SSDEEP

3145728:oyKHxXZR5bsPL+buxE4ynkX+kKbtt3V8mIeDLhZ8muXNNE7byK88OmTZbOW/rXi:IP4PAwUnkuk8BNbLIxg7bUQ

Score

8^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

EpicInstaller-15.17.1.msi

Resource

win7-20240903-en

discovery persistence privilege_escalation

windows7-x64

20 signatures

120 seconds

Behavioral task

behavioral2

Sample

EpicInstaller-15.17.1.msi

Resource

win10v2004-20240802-en

discovery persistence privilege_escalation

windows10-2004-x64

21 signatures

120 seconds

Malware Config

Targets

- Target
  
  EpicInstaller-15.17.1.msi
- Size
  
  176.5MB
- MD5
  
  7a2cf04ac0c504a8ea5aed805dde484d
- SHA1
  
  0536d7a178d1a42cea1476ea6b44bc53ed26bc63
- SHA256
  
  6f3f486d7a8409fc174198818c039152c6268bd9fdf210ee6be1c91bf832b7e9
- SHA512
  
  42aeed1d015ab279df3065e04adff8001672a13180f4d73121ace3bc8989783f12c7a5d0b50c684c74fd138fc1b4f451439acd7b6342d4f60c7d3a18034e0988
- SSDEEP
  
  3145728:oyKHxXZR5bsPL+buxE4ynkX+kKbtt3V8mIeDLhZ8muXNNE7byK88OmTZbOW/rXi:IP4PAwUnkuk8BNbLIxg7bUQ
Score

8^/10

discovery persistence privilege_escalation
- Blocklisted process makes network request
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

File and Directory Permissions Modification

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy