Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3a97473b41...15.exe

windows7-x64

10

3a97473b41...15.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    47s
  • max time network
    53s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 03:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a97473b414f253e80b393c564ffeb7125651f2202ed5c86553422ef9d924115.exe

  • Size

    256KB

  • MD5

    aff0d310d04cb4c75dcf7094b5ffaa19

  • SHA1

    9f1fa0479a20f251794636737612ca5cc8db4840

  • SHA256

    3a97473b414f253e80b393c564ffeb7125651f2202ed5c86553422ef9d924115

  • SHA512

    eb8b8e09d56651106aa7806c19c2cd38ec209b359cefd98463ecbd9137e526758ad2c5fca9e383da56c44b7f797fea92a5ee130b45a149fba73be4409fa849e6

  • SSDEEP

    6144:gdhbSZaIs6pafHEdensblEyaFTYjibvify:gXGZaepK2ensb+zcjEvify

Score
10/10
evasiontrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 1 IoCs
    evasiontrojan
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1240
      • C:\Users\Admin\AppData\Local\Temp\3a97473b414f253e80b393c564ffeb7125651f2202ed5c86553422ef9d924115.exe
        "C:\Users\Admin\AppData\Local\Temp\3a97473b414f253e80b393c564ffeb7125651f2202ed5c86553422ef9d924115.exe"
        2⤵
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1376
        • C:\Users\Admin\AppData\Local\Temp\server.scr
          "C:\Users\Admin\AppData\Local\Temp\server.scr" /S
          3⤵
          • UAC bypass
          • Windows security bypass
          • Executes dropped EXE
          • Loads dropped DLL
          • Windows security modification
          • Checks whether UAC is enabled
          • Maps connected drives based on registry
          • Suspicious use of SetThreadContext
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1732
          • C:\Users\Admin\AppData\Local\Temp\server.scr
            C:\Users\Admin\AppData\Local\Temp\server.scr
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:1068

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\server.scr
      Filesize

      228KB

      MD5

      d431a9fbca0e6551861b55a38043ad97

      SHA1

      34386aed41a25f62f648d753c946f97c92dc2d40

      SHA256

      53479cfda1d1c944c94e47d4ad1006269b5dd83b8250bb4bea3872ee2a69ee64

      SHA512

      5da7d734ac75ba7961ad02e7b524d829cf29cbf4dcaef5f5021cb299bc411a10a8f9e4b3ebc4ff43fe82013066016ae560b50df241b648bd8e473bb9dd7d1f52

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\server.scr
      Filesize

      228KB

      MD5

      d431a9fbca0e6551861b55a38043ad97

      SHA1

      34386aed41a25f62f648d753c946f97c92dc2d40

      SHA256

      53479cfda1d1c944c94e47d4ad1006269b5dd83b8250bb4bea3872ee2a69ee64

      SHA512

      5da7d734ac75ba7961ad02e7b524d829cf29cbf4dcaef5f5021cb299bc411a10a8f9e4b3ebc4ff43fe82013066016ae560b50df241b648bd8e473bb9dd7d1f52

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\server.scr
      Filesize

      228KB

      MD5

      d431a9fbca0e6551861b55a38043ad97

      SHA1

      34386aed41a25f62f648d753c946f97c92dc2d40

      SHA256

      53479cfda1d1c944c94e47d4ad1006269b5dd83b8250bb4bea3872ee2a69ee64

      SHA512

      5da7d734ac75ba7961ad02e7b524d829cf29cbf4dcaef5f5021cb299bc411a10a8f9e4b3ebc4ff43fe82013066016ae560b50df241b648bd8e473bb9dd7d1f52

      Download Submit

    • \Users\Admin\AppData\Local\Temp\server.scr
      Filesize

      228KB

      MD5

      d431a9fbca0e6551861b55a38043ad97

      SHA1

      34386aed41a25f62f648d753c946f97c92dc2d40

      SHA256

      53479cfda1d1c944c94e47d4ad1006269b5dd83b8250bb4bea3872ee2a69ee64

      SHA512

      5da7d734ac75ba7961ad02e7b524d829cf29cbf4dcaef5f5021cb299bc411a10a8f9e4b3ebc4ff43fe82013066016ae560b50df241b648bd8e473bb9dd7d1f52

      Download Submit

    • \Users\Admin\AppData\Local\Temp\server.scr
      Filesize

      228KB

      MD5

      d431a9fbca0e6551861b55a38043ad97

      SHA1

      34386aed41a25f62f648d753c946f97c92dc2d40

      SHA256

      53479cfda1d1c944c94e47d4ad1006269b5dd83b8250bb4bea3872ee2a69ee64

      SHA512

      5da7d734ac75ba7961ad02e7b524d829cf29cbf4dcaef5f5021cb299bc411a10a8f9e4b3ebc4ff43fe82013066016ae560b50df241b648bd8e473bb9dd7d1f52

      Download Submit

    • \Users\Admin\AppData\Local\Temp\server.scr
      Filesize

      228KB

      MD5

      d431a9fbca0e6551861b55a38043ad97

      SHA1

      34386aed41a25f62f648d753c946f97c92dc2d40

      SHA256

      53479cfda1d1c944c94e47d4ad1006269b5dd83b8250bb4bea3872ee2a69ee64

      SHA512

      5da7d734ac75ba7961ad02e7b524d829cf29cbf4dcaef5f5021cb299bc411a10a8f9e4b3ebc4ff43fe82013066016ae560b50df241b648bd8e473bb9dd7d1f52

      Download Submit

    • \Users\Admin\AppData\Local\Temp\server.scr
      Filesize

      228KB

      MD5

      d431a9fbca0e6551861b55a38043ad97

      SHA1

      34386aed41a25f62f648d753c946f97c92dc2d40

      SHA256

      53479cfda1d1c944c94e47d4ad1006269b5dd83b8250bb4bea3872ee2a69ee64

      SHA512

      5da7d734ac75ba7961ad02e7b524d829cf29cbf4dcaef5f5021cb299bc411a10a8f9e4b3ebc4ff43fe82013066016ae560b50df241b648bd8e473bb9dd7d1f52

      Download Submit

    • \Users\Admin\AppData\Local\Temp\server.scr
      Filesize

      228KB

      MD5

      d431a9fbca0e6551861b55a38043ad97

      SHA1

      34386aed41a25f62f648d753c946f97c92dc2d40

      SHA256

      53479cfda1d1c944c94e47d4ad1006269b5dd83b8250bb4bea3872ee2a69ee64

      SHA512

      5da7d734ac75ba7961ad02e7b524d829cf29cbf4dcaef5f5021cb299bc411a10a8f9e4b3ebc4ff43fe82013066016ae560b50df241b648bd8e473bb9dd7d1f52

      Download Submit

    • memory/1068-84-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1068-80-0x0000000000400000-0x0000000000408960-memory.dmp

      Filesize

      34KB

      Download

    • memory/1068-75-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1240-81-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1376-72-0x00000000049E0000-0x0000000004A56000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1376-54-0x0000000075091000-0x0000000075093000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1376-71-0x00000000049E0000-0x0000000004A56000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1376-85-0x00000000049E0000-0x0000000004A56000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1376-86-0x00000000049E0000-0x0000000004A56000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1732-73-0x0000000000400000-0x0000000000476000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1732-68-0x0000000000400000-0x0000000000476000-memory.dmp

      Filesize

      472KB

      Download

    • memory/1732-87-0x0000000000400000-0x0000000000476000-memory.dmp

      Filesize

      472KB

      Download