5874159ac61ab0349f29c8336c6d31d27c4df181318942ace320f4a6c6d24abe | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

mmd khr.exe

windows7-x64

9

mmd khr.exe

windows10-2004-x64

9

Sharing

General

Target

mmd khr.exe
Size

412KB
Sample

241111-nvj7wayflj
MD5

2ca25d8c48231f5dc1b93c200984c499
SHA1

bfdef5b2854f247ab34667a59f53569da675091c
SHA256

5874159ac61ab0349f29c8336c6d31d27c4df181318942ace320f4a6c6d24abe
SHA512

74796b8c114d6b9c389c7a6ebcf33b3fe70e86cacb1387e7524ef3d5f4eab5d6addaac147bf5f8587f7fca8ad0bc2fc81b06eebfdee70127817d0b4ef7009415
SSDEEP

12288:544eTv4x7KjMD8Jn+J270YXiYoaRq6W+oKAH:544eTv4x7KjMD85kYoaRs+Z

Score

9^/10

ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

mmd khr.exe

Resource

win7-20241023-en

ransomware spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

mmd khr.exe

Resource

win10v2004-20241007-en

ransomware spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  mmd khr.exe
- Size
  
  412KB
- MD5
  
  2ca25d8c48231f5dc1b93c200984c499
- SHA1
  
  bfdef5b2854f247ab34667a59f53569da675091c
- SHA256
  
  5874159ac61ab0349f29c8336c6d31d27c4df181318942ace320f4a6c6d24abe
- SHA512
  
  74796b8c114d6b9c389c7a6ebcf33b3fe70e86cacb1387e7524ef3d5f4eab5d6addaac147bf5f8587f7fca8ad0bc2fc81b06eebfdee70127817d0b4ef7009415
- SSDEEP
  
  12288:544eTv4x7KjMD8Jn+J270YXiYoaRq6W+oKAH:544eTv4x7KjMD85kYoaRs+Z
Score

9^/10

ransomware spyware stealer
- Renames multiple (3062) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2025

Terms | Privacy