Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7dd2c583d5...63.exe

windows7-x64

8

7dd2c583d5...63.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    34s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 01:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7dd2c583d5fcd3ec97cc03940f2b16d1b5558f2d52f82e375dec150e1061fb63.exe

  • Size

    16KB

  • MD5

    f440616f4e196c7a94c055f714960985

  • SHA1

    42f7942c3c9454abc6d69b66c5633a17e65d3df5

  • SHA256

    7dd2c583d5fcd3ec97cc03940f2b16d1b5558f2d52f82e375dec150e1061fb63

  • SHA512

    bac004d0d3d723593ea871c627de0fe296fb21b96fa68cff311d781f2fe223c0d3bd55e24748130ce1613df0b6c2e1ecd1a15bf3af683660b5551aba8348f30b

  • SSDEEP

    384:a4wUAVoSxMqXtrcsgFyeiQ4jK7TaYCSwx5E:nf0oOMqbgFyed8kTvCxy

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dd2c583d5fcd3ec97cc03940f2b16d1b5558f2d52f82e375dec150e1061fb63.exe
    "C:\Users\Admin\AppData\Local\Temp\7dd2c583d5fcd3ec97cc03940f2b16d1b5558f2d52f82e375dec150e1061fb63.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:784
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\del6c8ff1.bat
      2⤵
      • Deletes itself
      PID:1428

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \??\c:\del6c8ff1.bat
    Filesize

    270B

    MD5

    c85271bd390679dd0b7de9b6f82cdbe4

    SHA1

    a4c5293a14caba51eed4a2a9cf15c8583c694338

    SHA256

    aea03b4f6f2793961aeab20d8d51ba4da01b951463a15fa5f33cd5522c5593bb

    SHA512

    b97c85d64728ac9fef4929feefe2d2982e0bb71a21276d55a6d040b69fcf7523aea5e3f55d230185b4defdb31286988439dc51c8f1ff1fb85f2a3ec86cc7792b

    Download Submit

  • memory/784-54-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/784-56-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download