799c3104265180e35d502af137c228a149e9da6d4f9649cf3ae894a3ccac420e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

799c310426...0e.exe

windows7-x64

8

799c310426...0e.exe

windows10-2004-x64

8

Sharing

General

Target

799c3104265180e35d502af137c228a149e9da6d4f9649cf3ae894a3ccac420e
Size

4.9MB
Sample

241008-2cgkxsxdpf
MD5

d0c220c08ca42e5aefdbe16182437d16
SHA1

58a3e0d4d99126e6dcfa6b447f887a501aac17a2
SHA256

799c3104265180e35d502af137c228a149e9da6d4f9649cf3ae894a3ccac420e
SHA512

0af321e5d1cd80977dc62a2cafaa5476c1779fc837909a6caef72811045320914d68c8f6fa5e21e396039f9027ffc6ded9b6e67f72f97eb7cd7ff374169d867a
SSDEEP

98304:bXsrSs8klHHgshNdkARlbwSvFz23CTEOmmgbQ9+ctpN2LFrVolCNXuKV3EWEUDv9:bXgX8H+kADwIf+JLFrV5+I31vDvXAAM

Score

8^/10

discovery execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

799c3104265180e35d502af137c228a149e9da6d4f9649cf3ae894a3ccac420e.exe

Resource

win7-20240704-en

discovery execution

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

799c3104265180e35d502af137c228a149e9da6d4f9649cf3ae894a3ccac420e.exe

Resource

win10v2004-20241007-en

discovery execution

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  799c3104265180e35d502af137c228a149e9da6d4f9649cf3ae894a3ccac420e
- Size
  
  4.9MB
- MD5
  
  d0c220c08ca42e5aefdbe16182437d16
- SHA1
  
  58a3e0d4d99126e6dcfa6b447f887a501aac17a2
- SHA256
  
  799c3104265180e35d502af137c228a149e9da6d4f9649cf3ae894a3ccac420e
- SHA512
  
  0af321e5d1cd80977dc62a2cafaa5476c1779fc837909a6caef72811045320914d68c8f6fa5e21e396039f9027ffc6ded9b6e67f72f97eb7cd7ff374169d867a
- SSDEEP
  
  98304:bXsrSs8klHHgshNdkARlbwSvFz23CTEOmmgbQ9+ctpN2LFrVolCNXuKV3EWEUDv9:bXgX8H+kADwIf+JLFrV5+I31vDvXAAM
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution

© 2018-2025

Terms | Privacy