Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3c2a919d19...6b.exe

windows7-x64

8

3c2a919d19...6b.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    152s
  • max time network
    104s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c2a919d1929baee99c211aad94e7ca10e190795d4083d8f734e0954bdba8b6b.exe

  • Size

    149KB

  • MD5

    6f7310062f3c3b6ef1765b0127c126b1

  • SHA1

    f3769a2336a634b12af930cfe1c7b6d4d10702b1

  • SHA256

    3c2a919d1929baee99c211aad94e7ca10e190795d4083d8f734e0954bdba8b6b

  • SHA512

    579c6ad578b3bc54b80cc708ba287ef2613b89df093ca84b3bb9846a8eca1abd55627883faf58846b45dc6c87e5edfe86c70b0cc0e0a7ca2f16f11138ad69e0c

  • SSDEEP

    3072:phtrB10Eg075HaC3WPswZXwUH3xJSAt1:F0EpV3WXt9XxJSA

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c2a919d1929baee99c211aad94e7ca10e190795d4083d8f734e0954bdba8b6b.exe
    "C:\Users\Admin\AppData\Local\Temp\3c2a919d1929baee99c211aad94e7ca10e190795d4083d8f734e0954bdba8b6b.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Windows\msa.exe
      C:\Windows\msa.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:1004

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
    Filesize

    408B

    MD5

    4b8aa351b92f9d46d69f0c46d77fe464

    SHA1

    7f57776165f95527ee2a865ecdd70d5d2db46787

    SHA256

    a4be62259c7cfe12265cf715d38bbfe8777662eccb821da1d5d97fdf209ea018

    SHA512

    b1a58a51007ffa124e914bb97d645635d794e7eaa21298ebc8bba14230c7af815c111a8a008e6497716a3efb706dff4363f34088e845c4b0cf307313d70e75ed

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    149KB

    MD5

    6f7310062f3c3b6ef1765b0127c126b1

    SHA1

    f3769a2336a634b12af930cfe1c7b6d4d10702b1

    SHA256

    3c2a919d1929baee99c211aad94e7ca10e190795d4083d8f734e0954bdba8b6b

    SHA512

    579c6ad578b3bc54b80cc708ba287ef2613b89df093ca84b3bb9846a8eca1abd55627883faf58846b45dc6c87e5edfe86c70b0cc0e0a7ca2f16f11138ad69e0c

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    149KB

    MD5

    6f7310062f3c3b6ef1765b0127c126b1

    SHA1

    f3769a2336a634b12af930cfe1c7b6d4d10702b1

    SHA256

    3c2a919d1929baee99c211aad94e7ca10e190795d4083d8f734e0954bdba8b6b

    SHA512

    579c6ad578b3bc54b80cc708ba287ef2613b89df093ca84b3bb9846a8eca1abd55627883faf58846b45dc6c87e5edfe86c70b0cc0e0a7ca2f16f11138ad69e0c

    Download Submit

  • memory/1004-60-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/1004-64-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/1760-54-0x0000000076181000-0x0000000076183000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1760-55-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/1760-56-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/1760-62-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download