02b6675eedc6f5f6fa88bae5e331131c6900501e5b543ff16f839320f6d33cb6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

02b6675eed...6N.exe

windows7-x64

02b6675eed...6N.exe

windows10-2004-x64

Sharing

General

Target

02b6675eedc6f5f6fa88bae5e331131c6900501e5b543ff16f839320f6d33cb6N
Size

234KB
Sample

241011-2hn7yssdkq
MD5

52388efef65151557e386d2829247b20
SHA1

3258e556cd6e3b6a7941dbe3494c060b63448557
SHA256

02b6675eedc6f5f6fa88bae5e331131c6900501e5b543ff16f839320f6d33cb6
SHA512

dc829f5cdc3a8bf618aade862a3920bfc2e88146dd3d85d76e5cf4d36331ac43c6fc7944bd17178fc48fc97c013f9d1eb46c4e9a375c3b2f0708341e9cf4ee6f
SSDEEP

384:PJG14lR/NpKAN+UJfo8vJh/7neuwyv3ZUKcreuDreuwyv3ZUKcreuDj:RFtFe8vJtDeunUreufeunUreuP

Score

10^/10

defense_evasion discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

02b6675eedc6f5f6fa88bae5e331131c6900501e5b543ff16f839320f6d33cb6N.exe

Resource

win7-20240903-en

defense_evasion discovery evasion persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

02b6675eedc6f5f6fa88bae5e331131c6900501e5b543ff16f839320f6d33cb6N.exe

Resource

win10v2004-20241007-en

defense_evasion discovery evasion persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  02b6675eedc6f5f6fa88bae5e331131c6900501e5b543ff16f839320f6d33cb6N
- Size
  
  234KB
- MD5
  
  52388efef65151557e386d2829247b20
- SHA1
  
  3258e556cd6e3b6a7941dbe3494c060b63448557
- SHA256
  
  02b6675eedc6f5f6fa88bae5e331131c6900501e5b543ff16f839320f6d33cb6
- SHA512
  
  dc829f5cdc3a8bf618aade862a3920bfc2e88146dd3d85d76e5cf4d36331ac43c6fc7944bd17178fc48fc97c013f9d1eb46c4e9a375c3b2f0708341e9cf4ee6f
- SSDEEP
  
  384:PJG14lR/NpKAN+UJfo8vJh/7neuwyv3ZUKcreuDreuwyv3ZUKcreuDj:RFtFe8vJtDeunUreufeunUreuP
Score

10^/10

defense_evasion discovery evasion persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionpersistence

behavioral2

defense_evasiondiscoveryevasionpersistence

© 2018-2025

Terms | Privacy