94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5

94c0f585ae...2a.exe

windows7-x64

8

94c0f585ae...2a.exe

windows10-2004-x64

8

Sharing

General

Target

94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a
Size

143KB
Sample

241009-3gcm7swhpq
MD5

ade1c69631157fc84a5b2dbf6c4b3dcc
SHA1

386d234d47eb1e09a333b2bccf909303dee8eb5d
SHA256

94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a
SHA512

2d8ebc9243eae4654587e1cce50777e4e04331bc28c68178e82f8e31cd75080fabe9cbc5376f7702a63911cc325275a8fcac630f3ffaa7dc32f278031e45bcd8
SSDEEP

3072:i1i/NU8bOMYcYYcmy5cU+gTn6HOjDhWrzvvQwlgO5v1i/NU82OMYcYYamv5b:ci/NjO5YBgegD0PHzSwi/N+O7

Score

8^/10

defense_evasion discovery persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a.exe

Resource

win7-20240903-en

defense_evasion discovery persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a.exe

Resource

win10v2004-20241007-en

defense_evasion discovery persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a
- Size
  
  143KB
- MD5
  
  ade1c69631157fc84a5b2dbf6c4b3dcc
- SHA1
  
  386d234d47eb1e09a333b2bccf909303dee8eb5d
- SHA256
  
  94c0f585aefffcfb17a9ae892804f849c49e3d0ef8027cb64d15e53d4799f42a
- SHA512
  
  2d8ebc9243eae4654587e1cce50777e4e04331bc28c68178e82f8e31cd75080fabe9cbc5376f7702a63911cc325275a8fcac630f3ffaa7dc32f278031e45bcd8
- SSDEEP
  
  3072:i1i/NU8bOMYcYYcmy5cU+gTn6HOjDhWrzvvQwlgO5v1i/NU82OMYcYYamv5b:ci/NjO5YBgegD0PHzSwi/N+O7
Score

8^/10

defense_evasion discovery persistence upx
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceupx

behavioral2

defense_evasiondiscoverypersistenceupx

© 2018-2025

Terms | Privacy