Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

337ab03fe0...b6.exe

windows7_x64

10

337ab03fe0...b6.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/06/2022, 02:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    337ab03fe0907ec65570d11d52cfd0e74d3804ca8ec53419ee4a832bb3b47db6.exe

  • Size

    607KB

  • MD5

    6b652b5c7c5224113c295493083800ba

  • SHA1

    69c36cc23cf3d07619b548a8dd80d2de260a7171

  • SHA256

    337ab03fe0907ec65570d11d52cfd0e74d3804ca8ec53419ee4a832bb3b47db6

  • SHA512

    b85614dd89a94b6dd43f68a83dd17fe922adbd9c3696b3de7ec1bf64cc52459be01d93c24cf31b102e7e33604da9fe3cb0f4de4e91207b6860c2f8adfd2ef597

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\337ab03fe0907ec65570d11d52cfd0e74d3804ca8ec53419ee4a832bb3b47db6.exe
    "C:\Users\Admin\AppData\Local\Temp\337ab03fe0907ec65570d11d52cfd0e74d3804ca8ec53419ee4a832bb3b47db6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:1456

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    608KB

    MD5

    a2380115e38c05e743b69c8132a27987

    SHA1

    ec4508bfb5dd5dc2cfdc866980a64239fb19bdb7

    SHA256

    58dd16bc67f303729413d2feb8e9044e77c1ea78ebd9d14b7f3b5f88d1ede598

    SHA512

    0c74082bb2eab6c1d9d395bf6824ab8e0a246b010aeff01c2a6c18524a7ab6728afa4843de93e3cca350002f6ea4335a083bdafea9e89fc6b7f82a3de0d7c1ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    608KB

    MD5

    a2380115e38c05e743b69c8132a27987

    SHA1

    ec4508bfb5dd5dc2cfdc866980a64239fb19bdb7

    SHA256

    58dd16bc67f303729413d2feb8e9044e77c1ea78ebd9d14b7f3b5f88d1ede598

    SHA512

    0c74082bb2eab6c1d9d395bf6824ab8e0a246b010aeff01c2a6c18524a7ab6728afa4843de93e3cca350002f6ea4335a083bdafea9e89fc6b7f82a3de0d7c1ee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    608KB

    MD5

    a2380115e38c05e743b69c8132a27987

    SHA1

    ec4508bfb5dd5dc2cfdc866980a64239fb19bdb7

    SHA256

    58dd16bc67f303729413d2feb8e9044e77c1ea78ebd9d14b7f3b5f88d1ede598

    SHA512

    0c74082bb2eab6c1d9d395bf6824ab8e0a246b010aeff01c2a6c18524a7ab6728afa4843de93e3cca350002f6ea4335a083bdafea9e89fc6b7f82a3de0d7c1ee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    608KB

    MD5

    a2380115e38c05e743b69c8132a27987

    SHA1

    ec4508bfb5dd5dc2cfdc866980a64239fb19bdb7

    SHA256

    58dd16bc67f303729413d2feb8e9044e77c1ea78ebd9d14b7f3b5f88d1ede598

    SHA512

    0c74082bb2eab6c1d9d395bf6824ab8e0a246b010aeff01c2a6c18524a7ab6728afa4843de93e3cca350002f6ea4335a083bdafea9e89fc6b7f82a3de0d7c1ee

    Download Submit

  • memory/1868-54-0x00000000759E1000-0x00000000759E3000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.