a8708d98185364e876e7456b06182e9786a615d91040814f040cc46f18eb1c22 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

a8708d9818...22.exe

windows7-x64

8

a8708d9818...22.exe

windows10-2004-x64

8

Sharing

General

Target

a8708d98185364e876e7456b06182e9786a615d91040814f040cc46f18eb1c22
Size

37KB
Sample

241006-bc9ctsserh
MD5

8cc6010309813e21a5d39d3b02bc6e4e
SHA1

7b7c6e463d22cd449147faff042bc33d0b7e34e1
SHA256

a8708d98185364e876e7456b06182e9786a615d91040814f040cc46f18eb1c22
SHA512

2ce7175ca673256fff19aa3f3eaf1311b6338ea41b67368848ae2d844d095e7dd00d7d22527d2668600cb1d63b8e982c0188013d086b93721a21936f434e3129
SSDEEP

768:LCRfCvm23OTnm7NSBTyS5qDRa7DrtlHO3333WUUUYLG+++/:WVCvmrK7NSNymqDet5bT

Score

8^/10

defense_evasion discovery evasion

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a8708d98185364e876e7456b06182e9786a615d91040814f040cc46f18eb1c22.exe

Resource

win7-20240903-en

defense_evasion discovery evasion

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a8708d98185364e876e7456b06182e9786a615d91040814f040cc46f18eb1c22.exe

Resource

win10v2004-20240802-en

defense_evasion discovery evasion

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  a8708d98185364e876e7456b06182e9786a615d91040814f040cc46f18eb1c22
- Size
  
  37KB
- MD5
  
  8cc6010309813e21a5d39d3b02bc6e4e
- SHA1
  
  7b7c6e463d22cd449147faff042bc33d0b7e34e1
- SHA256
  
  a8708d98185364e876e7456b06182e9786a615d91040814f040cc46f18eb1c22
- SHA512
  
  2ce7175ca673256fff19aa3f3eaf1311b6338ea41b67368848ae2d844d095e7dd00d7d22527d2668600cb1d63b8e982c0188013d086b93721a21936f434e3129
- SSDEEP
  
  768:LCRfCvm23OTnm7NSBTyS5qDRa7DrtlHO3333WUUUYLG+++/:WVCvmrK7NSNymqDet5bT
Score

8^/10

defense_evasion discovery evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasion

behavioral2

defense_evasiondiscoveryevasion

© 2018-2025

Terms | Privacy