8b62066da5355c9f115b95df722390c81a0d0aab6ef4e362f79bbee9ca8dabdc | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Screenshot...38.png

windows10-2004-x64

8

Resubmissions

24/03/2025, 14:42

250324-r23jks1xds 8

24/03/2025, 14:41

250324-r2v5havmz3 1

Sharing

General

Target

Screenshot 2025-03-21 190538.png
Size

641KB
Sample

250324-r23jks1xds
MD5

fc20d3416c4a3fa901eb616c1075c1cc
SHA1

a40520f225a98f44d039fba92012cbd231ca6691
SHA256

8b62066da5355c9f115b95df722390c81a0d0aab6ef4e362f79bbee9ca8dabdc
SHA512

7de1637049186cb3abb5aa9e91d3a459755de271aee3d6d29842fcb72f0aa1bbbede66a5871af3e2cde0a54e932643ef78e0103cacfee83c82177bbcd734a890
SSDEEP

12288:CP312YuEkb+dHGEKN2dbvid5B65YJ9Zb9hfveEFzQvGo47Tdj:CPMqJKAN6d25YfZPveCz+Z45

Score

8^/10

microsoft defense_evasion discovery phishing trojan

Static task

static1

Behavioral task

behavioral1

Sample

Screenshot 2025-03-21 190538.png

Resource

win10v2004-20250314-en

microsoft defense_evasion discovery phishing trojan

windows10-2004-x64

35 signatures

900 seconds

Malware Config

Targets

- Target
  
  Screenshot 2025-03-21 190538.png
- Size
  
  641KB
- MD5
  
  fc20d3416c4a3fa901eb616c1075c1cc
- SHA1
  
  a40520f225a98f44d039fba92012cbd231ca6691
- SHA256
  
  8b62066da5355c9f115b95df722390c81a0d0aab6ef4e362f79bbee9ca8dabdc
- SHA512
  
  7de1637049186cb3abb5aa9e91d3a459755de271aee3d6d29842fcb72f0aa1bbbede66a5871af3e2cde0a54e932643ef78e0103cacfee83c82177bbcd734a890
- SSDEEP
  
  12288:CP312YuEkb+dHGEKN2dbvid5B65YJ9Zb9hfveEFzQvGo47Tdj:CPMqJKAN6d25YfZPveCz+Z45
Score

8^/10

microsoft defense_evasion discovery phishing trojan
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  defense_evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Network Service Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

microsoftdefense_evasiondiscoveryphishingtrojan

© 2018-2025

Terms | Privacy