Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Drone.exe

windows7-x64

8

Drone.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    37s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/09/2022, 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Drone.exe

  • Size

    10.8MB

  • MD5

    57b60868efc4f80e6d60a7f1d58f6177

  • SHA1

    5bf0ef90b1e61ae4106f1315155f38f79e6212a0

  • SHA256

    60e560ded1b77446fb9fed3bb5b834d72ab321eceb395376f8683b0342ec8a3e

  • SHA512

    5220c803f5c738a219c08d6ba5c9588eb9107a0057e7f8cb079c5450c1ea12a07b22571a22bfefb8fa96a945f330dd67c382da2df9a588668444c9df87e917f4

  • SSDEEP

    196608:LUzUpbDO6DjzpLRUZtO0oAinb4uBJf0W8/LaLn677Sks5FpjsX9DcCui:/pb3dCEb4uBJcW8a67GlPpEiJ

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Drone.exe
    "C:\Users\Admin\AppData\Local\Temp\Drone.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1452
    • C:\Users\Admin\AppData\Local\Temp\Drone.exe
      "C:\Users\Admin\AppData\Local\Temp\Drone.exe"
      2⤵
      • Loads dropped DLL
      PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI14522\api-ms-win-core-file-l1-2-0.dll
    Filesize

    11KB

    MD5

    34004faa65345221d342763a2d9d2c76

    SHA1

    6e8948cf23c7c5093d427d6704bad894602a6e85

    SHA256

    323ceb361166f5c3a404a40a98388c6cd34bb45af5462b7a50d11c8047281829

    SHA512

    1e1390c75b9ef3e3347e09ae5151ee480e75f7ae0759e0bd67b75b02b25b80c2e7107b45a13fee5cdae6c9ed86a35474989c218a7790cfb80eef9da308317180

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI14522\api-ms-win-core-file-l2-1-0.dll
    Filesize

    11KB

    MD5

    3ea156612d26e640e871fb39c90dd9bd

    SHA1

    98f72761bcc7a6511876c0930a00625972980aae

    SHA256

    18200ba175b02dff3b7c35c9bbdb1e1c1353424ac717550f44a54918e613e0a8

    SHA512

    ef49c3af1ac5a89690a89a42036a1a6ebb29d02ae9267fbffd85bfe748c1c7922cd245a011b19cfdf877a777ea78def9bb366144f341134c4f25fbd833e2f361

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI14522\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    14KB

    MD5

    0dabba3f149f39b970d55e286f050778

    SHA1

    26d601128e83ac9718d6a8981d4dc7d02760339a

    SHA256

    0cccc5745f6bdc5fddbda1a2494de4ef694e7ee72ac9b232d05c99f9f2d6245d

    SHA512

    7f55d4b47f3c70fe8774c150cb017d7fb8b7865c7ed2b53b66ec0b593d693847c260b92d7bd55fc60ecb79dcfe3700707bfc04e4f76f23ac4445e39d1a059804

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI14522\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    12KB

    MD5

    c22f816975c4032a6cc945b888cf1e14

    SHA1

    79e99924554dd12aea74fb346a66debbee3230b7

    SHA256

    39b177f180b7e8f21d10a74d217cb84429e92fbf2b07fdfc3d1dff1056903307

    SHA512

    09b5c954ff0ea494c61f458f7e586df1f11db4380f01c615f82f9367fc4011ef7d1bef8c0ae628384d6f9774427cb98931480d1005c6d5cde2581ab38ed622ce

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI14522\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    12KB

    MD5

    7331299924ffdc94d1d62ce3d5da8199

    SHA1

    07743d83abd9a9ca0fcdb879d7b0ab388ee04945

    SHA256

    d64eed2bd030dcc42f6e1f5f8a0a422958dbe58cec6ba2e5ac1546c3b6419dd3

    SHA512

    9b722c37cfc4a6e34712c01244ed1f781a7373b527e69c5c53bc78e2e288c2df978fead8879d9765a5c6d5b987edf2a4345a89a575e3532f956c4bee789e0571

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI14522\python310.dll
    Filesize

    1.4MB

    MD5

    99cb804abc9a8f4cb8d08d77e515dcb7

    SHA1

    0d833cb729f3d5c845491b61b47018c82065f4ad

    SHA256

    8d23914f6eaa371f2e0c15816c7ab62573d428e750d1bbcd9a07498264d7d240

    SHA512

    43252d45803957ba79d42afdd12b956c3b829c9b00a78199c35e3eeb863d8c56f4f0b467faae227b7c058f59a3f11152f670090e2212eb6a2837378bca53ac82

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI14522\ucrtbase.dll
    Filesize

    986KB

    MD5

    84514432690f7cf190b1647adf1b1c9c

    SHA1

    d6d7b26baab64bda6a30f158d5f1fa4f28960f60

    SHA256

    7308faa2bed2a9bef4316fab4a7f51b445bf2d73453aeb2b83662f82682edf5d

    SHA512

    fcd3324308c77b15062ab37fa61591a53f6c961bae8387e86fdbb9fe1b988bc16fcfe0c89b92835828830aaeff3b04ec46280623edf0caf1a8ff0b1a1e6e65dc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI14522\api-ms-win-core-file-l1-2-0.dll
    Filesize

    11KB

    MD5

    34004faa65345221d342763a2d9d2c76

    SHA1

    6e8948cf23c7c5093d427d6704bad894602a6e85

    SHA256

    323ceb361166f5c3a404a40a98388c6cd34bb45af5462b7a50d11c8047281829

    SHA512

    1e1390c75b9ef3e3347e09ae5151ee480e75f7ae0759e0bd67b75b02b25b80c2e7107b45a13fee5cdae6c9ed86a35474989c218a7790cfb80eef9da308317180

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI14522\api-ms-win-core-file-l2-1-0.dll
    Filesize

    11KB

    MD5

    3ea156612d26e640e871fb39c90dd9bd

    SHA1

    98f72761bcc7a6511876c0930a00625972980aae

    SHA256

    18200ba175b02dff3b7c35c9bbdb1e1c1353424ac717550f44a54918e613e0a8

    SHA512

    ef49c3af1ac5a89690a89a42036a1a6ebb29d02ae9267fbffd85bfe748c1c7922cd245a011b19cfdf877a777ea78def9bb366144f341134c4f25fbd833e2f361

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI14522\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    14KB

    MD5

    0dabba3f149f39b970d55e286f050778

    SHA1

    26d601128e83ac9718d6a8981d4dc7d02760339a

    SHA256

    0cccc5745f6bdc5fddbda1a2494de4ef694e7ee72ac9b232d05c99f9f2d6245d

    SHA512

    7f55d4b47f3c70fe8774c150cb017d7fb8b7865c7ed2b53b66ec0b593d693847c260b92d7bd55fc60ecb79dcfe3700707bfc04e4f76f23ac4445e39d1a059804

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI14522\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    12KB

    MD5

    c22f816975c4032a6cc945b888cf1e14

    SHA1

    79e99924554dd12aea74fb346a66debbee3230b7

    SHA256

    39b177f180b7e8f21d10a74d217cb84429e92fbf2b07fdfc3d1dff1056903307

    SHA512

    09b5c954ff0ea494c61f458f7e586df1f11db4380f01c615f82f9367fc4011ef7d1bef8c0ae628384d6f9774427cb98931480d1005c6d5cde2581ab38ed622ce

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI14522\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    12KB

    MD5

    7331299924ffdc94d1d62ce3d5da8199

    SHA1

    07743d83abd9a9ca0fcdb879d7b0ab388ee04945

    SHA256

    d64eed2bd030dcc42f6e1f5f8a0a422958dbe58cec6ba2e5ac1546c3b6419dd3

    SHA512

    9b722c37cfc4a6e34712c01244ed1f781a7373b527e69c5c53bc78e2e288c2df978fead8879d9765a5c6d5b987edf2a4345a89a575e3532f956c4bee789e0571

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI14522\python310.dll
    Filesize

    1.4MB

    MD5

    99cb804abc9a8f4cb8d08d77e515dcb7

    SHA1

    0d833cb729f3d5c845491b61b47018c82065f4ad

    SHA256

    8d23914f6eaa371f2e0c15816c7ab62573d428e750d1bbcd9a07498264d7d240

    SHA512

    43252d45803957ba79d42afdd12b956c3b829c9b00a78199c35e3eeb863d8c56f4f0b467faae227b7c058f59a3f11152f670090e2212eb6a2837378bca53ac82

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI14522\ucrtbase.dll
    Filesize

    986KB

    MD5

    84514432690f7cf190b1647adf1b1c9c

    SHA1

    d6d7b26baab64bda6a30f158d5f1fa4f28960f60

    SHA256

    7308faa2bed2a9bef4316fab4a7f51b445bf2d73453aeb2b83662f82682edf5d

    SHA512

    fcd3324308c77b15062ab37fa61591a53f6c961bae8387e86fdbb9fe1b988bc16fcfe0c89b92835828830aaeff3b04ec46280623edf0caf1a8ff0b1a1e6e65dc

    Download Submit