817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

YouAreAnIdiot.zip

windows11-21h2-x64

8

Resubmissions

06/01/2025, 19:49

250106-yj2ynaxqhq 8

06/01/2025, 19:42

250106-ye5hzswjdx 10

Sharing

General

Target

YouAreAnIdiot.zip
Size

223KB
Sample

250106-yj2ynaxqhq
MD5

a7a51358ab9cdf1773b76bc2e25812d9
SHA1

9f3befe37f5fbe58bbb9476a811869c5410ee919
SHA256

817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612
SHA512

3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d
SSDEEP

6144:M9iMNCHRNLhitoVak4jaChlNY4SWn0m3/ottG+DM:7IURthAXk4jBhKWl3/otc+DM

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

YouAreAnIdiot.zip

Resource

win11-20241007-en

defense_evasion discovery persistence privilege_escalation

windows11-21h2-x64

30 signatures

600 seconds

Malware Config

Targets

- Target
  
  YouAreAnIdiot.zip
- Size
  
  223KB
- MD5
  
  a7a51358ab9cdf1773b76bc2e25812d9
- SHA1
  
  9f3befe37f5fbe58bbb9476a811869c5410ee919
- SHA256
  
  817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612
- SHA512
  
  3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d
- SSDEEP
  
  6144:M9iMNCHRNLhitoVak4jaChlNY4SWn0m3/ottG+DM:7IURthAXk4jBhKWl3/otc+DM
Score

8^/10

defense_evasion discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy