Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

07c7371103...b8.exe

windows7-x64

8

07c7371103...b8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    130s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 06:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07c73711038e0d36aac6e557e2009b75511b1958e332d89e29b283347f2373b8.exe

  • Size

    274KB

  • MD5

    101ca0df13e8d04c6ed5151e2dea9d31

  • SHA1

    d0f2507c6c9eaa9c9005cdaff2037f7cd66d9fca

  • SHA256

    07c73711038e0d36aac6e557e2009b75511b1958e332d89e29b283347f2373b8

  • SHA512

    60724aa0e019138bf3ae7bb677bb2d4d2ea80c91a491c4c8ce14013d61b7a6c87c5e14e8885f8023057d9bf41e8a3d8810ba1c893d29b72ad3ac59d233a3bef9

  • SSDEEP

    6144:OEoFd1LTc4vEKO7iw3Gw3qkjcXKXYUSxteI:FoF/ZvvbEG5Ht

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07c73711038e0d36aac6e557e2009b75511b1958e332d89e29b283347f2373b8.exe
    "C:\Users\Admin\AppData\Local\Temp\07c73711038e0d36aac6e557e2009b75511b1958e332d89e29b283347f2373b8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Users\Admin\AppData\Local\Temp\Favorite.exe
      C:\Users\Admin\AppData\Local\Temp\Favorite.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1740
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\deleteself.bat
      2⤵
      • Deletes itself
      PID:1832

Network

    No results found
  • 220.90.213.158:80
    Favorite.exe
    152 B
     3
  • 220.90.213.158:80
    Favorite.exe
    152 B
     3
  • 221.143.48.236:80
    07c73711038e0d36aac6e557e2009b75511b1958e332d89e29b283347f2373b8.exe
    152 B
     120 B
     3
    3
  • 220.90.213.158:80
    Favorite.exe
    152 B
     3
  • 220.90.213.158:80
    Favorite.exe
    152 B
     3
  • 220.90.213.158:80
    Favorite.exe
    152 B
     3
  • 220.90.213.158:80
    Favorite.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Favorite.exe
    Filesize

    274KB

    MD5

    101ca0df13e8d04c6ed5151e2dea9d31

    SHA1

    d0f2507c6c9eaa9c9005cdaff2037f7cd66d9fca

    SHA256

    07c73711038e0d36aac6e557e2009b75511b1958e332d89e29b283347f2373b8

    SHA512

    60724aa0e019138bf3ae7bb677bb2d4d2ea80c91a491c4c8ce14013d61b7a6c87c5e14e8885f8023057d9bf41e8a3d8810ba1c893d29b72ad3ac59d233a3bef9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\deleteself.bat
    Filesize

    296B

    MD5

    463837200324d7b70c492e297e68b6dd

    SHA1

    7f05ff7346aa904969923d0ba018a2c8bcc265c0

    SHA256

    b16c6cd3f5717480f30bf9b331610f245ab4cf91e5d476d7aab0bf78b4b82d8b

    SHA512

    3a7f5d4b632cc5002c265a34e83d04dd723cf801f0b9ff036c6130d8ff06018dacccbaa5748ad533273da19e84975c5a884cb5f5ec95d5bb929e4512cc979aa6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Favorite.exe
    Filesize

    274KB

    MD5

    101ca0df13e8d04c6ed5151e2dea9d31

    SHA1

    d0f2507c6c9eaa9c9005cdaff2037f7cd66d9fca

    SHA256

    07c73711038e0d36aac6e557e2009b75511b1958e332d89e29b283347f2373b8

    SHA512

    60724aa0e019138bf3ae7bb677bb2d4d2ea80c91a491c4c8ce14013d61b7a6c87c5e14e8885f8023057d9bf41e8a3d8810ba1c893d29b72ad3ac59d233a3bef9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Favorite.exe
    Filesize

    274KB

    MD5

    101ca0df13e8d04c6ed5151e2dea9d31

    SHA1

    d0f2507c6c9eaa9c9005cdaff2037f7cd66d9fca

    SHA256

    07c73711038e0d36aac6e557e2009b75511b1958e332d89e29b283347f2373b8

    SHA512

    60724aa0e019138bf3ae7bb677bb2d4d2ea80c91a491c4c8ce14013d61b7a6c87c5e14e8885f8023057d9bf41e8a3d8810ba1c893d29b72ad3ac59d233a3bef9

    Download Submit

  • memory/1364-54-0x0000000075281000-0x0000000075283000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1364-55-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/1364-61-0x0000000002150000-0x00000000021F7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/1364-63-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/1364-66-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

  • memory/1740-62-0x0000000000400000-0x00000000004A7000-memory.dmp

    Filesize

    668KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.