be40862059a0af3e38dadff81101857894611a6fa8b7fc0f69aef382a311a6d7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

Buff Achie...er.exe

windows10-2004-x64

5

Sharing

General

Target

Buff Achievement Tracker - Installer.exe
Size

2.1MB
Sample

241009-2t5n3szhkd
MD5

4aef76b2b5be3aa5e66720f362a91055
SHA1

9b0f51fa0b4c85849dc4c6f382b57da3dc854b11
SHA256

be40862059a0af3e38dadff81101857894611a6fa8b7fc0f69aef382a311a6d7
SHA512

023695d2de20dacb610f3e92dbb587aa7ebd9b9512696f6047632197b7ace9f52c6cea9daa804650cc7b48513a0358451c8b47da4822bb53abac89c0153b63e0
SSDEEP

49152:cyb8YxE87vxpsrFpIvjRy1up/g1+sCYHzNsxicUm:c68aPN+TIvj81upG+8HF

Score

7^/10

discovery persistence privilege_escalation upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Buff Achievement Tracker - Installer.exe

Resource

win10v2004-20241007-en

discovery persistence privilege_escalation

windows10-2004-x64

20 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Buff Achievement Tracker - Installer.exe
- Size
  
  2.1MB
- MD5
  
  4aef76b2b5be3aa5e66720f362a91055
- SHA1
  
  9b0f51fa0b4c85849dc4c6f382b57da3dc854b11
- SHA256
  
  be40862059a0af3e38dadff81101857894611a6fa8b7fc0f69aef382a311a6d7
- SHA512
  
  023695d2de20dacb610f3e92dbb587aa7ebd9b9512696f6047632197b7ace9f52c6cea9daa804650cc7b48513a0358451c8b47da4822bb53abac89c0153b63e0
- SSDEEP
  
  49152:cyb8YxE87vxpsrFpIvjRy1up/g1+sCYHzNsxicUm:c68aPN+TIvj81upG+8HF
Score

5^/10

discovery persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy