
Resubmissions

  • 220905-ze1qgahfb8, submitted 05/09/2022, 20:38 UTC (score 10)
  • 220905-zcs8lsheg5, submitted 05/09/2022, 20:34 UTC (score 10)

Analysis

  • max time kernel
    56s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/09/2022, 20:34 UTC

General

  • Target

    2.exe

  • Size

    472KB

  • MD5

    762bff46f0d8459d2fd83a7dbc0b3103

  • SHA1

    5fdddc577baaa0ba8c7fe6b88be254866c959321

  • SHA256

    cad291a2df541313c6d296dcb798f5565ce591ca94f4649c21bc0e8b7e7a86eb

  • SHA512

    38a1e73a7d3c36817f53311c016a4ddf724dee9531c419298ea1f4452f60e4786ff16f25f5c73e01b7b9af971cc5c1acd323f436667a60ad77a0348f0a3256b5

  • SSDEEP

    6144:WWMjNEqWNAML6edtpVYWNTLq01CQoSE0iHjbRfKugGdGQ/UDlVJHaCV:Wvuq2RL3ddNT+LKugjNTJ6

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

  • Chinese Botnet payload (1 IoC)
  • Enumerates connected drives (3 TTPs, 23 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). The signature's generic description calls this likely ransomware behaviour; this sample is classified above as a botnet payload, so treat the drive enumeration as a generic indicator rather than proof of encryption activity.

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2.exe (PID 1972)
    Command line: "C:\Users\Admin\AppData\Local\Temp\2.exe"
    • Enumerates connected drives
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx

Network

  No results in the report's other network views; flows recorded:

  Destination           Process   Sent     Received   Packets sent   Packets received
  150.242.98.207:80     2.exe     152 B    -          3              -
  150.242.98.207:80     2.exe     152 B    -          3              -
  175.178.55.215:5001   2.exe     1.1kB    433 B      10             9

  Only the 175.178.55.215:5001 flow carries data in both directions; the two port-80 flows show outbound bytes and packets only.

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1972-54-0x0000000075501000-0x0000000075503000-memory.dmp (Filesize: 8KB)
  • memory/1972-55-0x0000000010000000-0x0000000010018000-memory.dmp (Filesize: 96KB)
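Added example, not part of the tria.ge report or its tooling: a Python script that parses the two dump names listed under Downloads, checks that each address range agrees with the Filesize label and that the PID agrees with the process tree (PID 1972), and flags a region that starts at 0x10000000, the default image base the MSVC linker assigns to 32-bit DLLs. The dump naming scheme, the 1024-byte meaning of KB, and the region hints are assumptions inferred from this page, not documented tria.ge behaviour.

```python
import re
from dataclasses import dataclass
from typing import Any, Dict, List

# Constructed input: the two dump names and Filesize labels from the Downloads
# section of this report, copied as they appear on the page.
REPORT_DUMPS = [
    ("memory/1972-54-0x0000000075501000-0x0000000075503000-memory.dmp", "8KB"),
    ("memory/1972-55-0x0000000010000000-0x0000000010018000-memory.dmp", "96KB"),
]

# PID of the analysed process from the Processes section of the report.
REPORT_PID = 1972

# Assumed naming scheme, inferred from the two names above (tria.ge does not
# document it on this page): memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)

# Default preferred image base the MSVC linker gives a 32-bit DLL when no
# /BASE option is passed; a region starting here is usually a loaded or
# unpacked DLL image rather than heap or stack.
DEFAULT_DLL_BASE = 0x10000000

# Assumption: the page's Filesize labels use KB for 1024-byte units, which is
# consistent with 0x2000 bytes shown as 8KB and 0x18000 bytes shown as 96KB.
SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


@dataclass
class MemoryDump:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> MemoryDump:
    """Split a dump file name into PID, sequence number and address range."""
    m = DUMP_NAME.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name!r}")
    dump = MemoryDump(int(m["pid"]), int(m["seq"]),
                      int(m["start"], 16), int(m["end"], 16))
    if dump.end <= dump.start:
        raise ValueError(f"empty or inverted address range in {name!r}")
    return dump


def parse_filesize(label: str) -> int:
    """Convert a Filesize label such as '8KB' or '96KB' to a byte count."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([KM]?B)\s*", label)
    if m is None:
        raise ValueError(f"unrecognised size label: {label!r}")
    return int(float(m.group(1)) * SIZE_UNITS[m.group(2)])


def describe_region(dump: MemoryDump) -> str:
    """Coarse hint about what a dumped region is, from its start address alone."""
    if dump.start == DEFAULT_DLL_BASE:
        return "default 32-bit DLL image base; candidate unpacked/loaded module"
    if dump.start >= 0x70000000:
        return "high user-space range where 32-bit system DLLs usually map"
    return "other user-space region"


def audit_dumps(entries, expected_pid: int) -> List[Dict[str, Any]]:
    """Cross-check each dump name against its Filesize label and the process tree."""
    results = []
    for name, size_label in entries:
        dump = parse_dump_name(name)
        results.append({
            "name": name,
            "pid": dump.pid,
            "pid_matches_tree": dump.pid == expected_pid,
            "start": dump.start,
            "end": dump.end,
            "size": dump.size,
            "size_matches_label": dump.size == parse_filesize(size_label),
            "hint": describe_region(dump),
        })
    return results


if __name__ == "__main__":
    for r in audit_dumps(REPORT_DUMPS, REPORT_PID):
        print(f"{r['name']}: pid={r['pid']} size=0x{r['size']:x} "
              f"pid_ok={r['pid_matches_tree']} size_ok={r['size_matches_label']} "
              f"({r['hint']})")
```

The region at 0x10000000 is 0x18000 bytes (96 KB), far smaller than the 472 KB submitted file, so it is the first dump to open in a disassembler when looking for the unpacked payload the "Chinese Botnet payload" signature fired on; the 8 KB region near 0x75501000 sits where system DLLs normally map and is more likely a hook or patch site than the payload itself. Both readings are hypotheses to confirm against the dumps, not facts the report states.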
