Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

819b421a8a...32.exe

windows7-x64

10

819b421a8a...32.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 15:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    819b421a8a091a0188468672824fe5383be7ef8f4336b0a92916ca7a129adb32.exe

  • Size

    230KB

  • MD5

    65c87fa0b7c308fff3e155b328b1690a

  • SHA1

    4e84175dd432f24a9ed67cdd0a3ddf6612d96394

  • SHA256

    819b421a8a091a0188468672824fe5383be7ef8f4336b0a92916ca7a129adb32

  • SHA512

    a4647eff5f43f0d1f0955f12fa0e3bd5c61f5cfb510e0e2c886392564c24811871838236bb28e85d6d4bd6026e1f350e7bc987f57677140716ecde1049ab05a1

  • SSDEEP

    3072:TIMa5VPdnLAWeBIg5Si2mVvu3TRENKWH3xPALAiyEv7p5qyt/s7niwK/f+JuKtkk:GDAWw5NV4EBXWAIT/nw08xTm3E

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\819b421a8a091a0188468672824fe5383be7ef8f4336b0a92916ca7a129adb32.exe
    "C:\Users\Admin\AppData\Local\Temp\819b421a8a091a0188468672824fe5383be7ef8f4336b0a92916ca7a129adb32.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Suspicious behavior: EnumeratesProcesses
      PID:1284

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\AppPatch\svchost.exe
    Filesize

    230KB

    MD5

    09569cf1886d3639f8771aea9fdeb91f

    SHA1

    657066081b67792f0d66f85b30165d75d80e4796

    SHA256

    6f2c2972a06e5000164560ce736a639a6d5ec1f37ed2ca52f0483eef73440571

    SHA512

    c20e569a70fa22113a86b8fe9ef917a9fcb283f0b0594683f2ad9ff8f5dadceaa0bc0239ea748c3b1dd173b091d694ae70760d6fe6a2a2d6a354237fc12ca797

    Download Submit

  • C:\Windows\apppatch\svchost.exe
    Filesize

    230KB

    MD5

    09569cf1886d3639f8771aea9fdeb91f

    SHA1

    657066081b67792f0d66f85b30165d75d80e4796

    SHA256

    6f2c2972a06e5000164560ce736a639a6d5ec1f37ed2ca52f0483eef73440571

    SHA512

    c20e569a70fa22113a86b8fe9ef917a9fcb283f0b0594683f2ad9ff8f5dadceaa0bc0239ea748c3b1dd173b091d694ae70760d6fe6a2a2d6a354237fc12ca797

    Download Submit

  • \Windows\AppPatch\svchost.exe
    Filesize

    230KB

    MD5

    09569cf1886d3639f8771aea9fdeb91f

    SHA1

    657066081b67792f0d66f85b30165d75d80e4796

    SHA256

    6f2c2972a06e5000164560ce736a639a6d5ec1f37ed2ca52f0483eef73440571

    SHA512

    c20e569a70fa22113a86b8fe9ef917a9fcb283f0b0594683f2ad9ff8f5dadceaa0bc0239ea748c3b1dd173b091d694ae70760d6fe6a2a2d6a354237fc12ca797

    Download Submit

  • \Windows\AppPatch\svchost.exe
    Filesize

    230KB

    MD5

    09569cf1886d3639f8771aea9fdeb91f

    SHA1

    657066081b67792f0d66f85b30165d75d80e4796

    SHA256

    6f2c2972a06e5000164560ce736a639a6d5ec1f37ed2ca52f0483eef73440571

    SHA512

    c20e569a70fa22113a86b8fe9ef917a9fcb283f0b0594683f2ad9ff8f5dadceaa0bc0239ea748c3b1dd173b091d694ae70760d6fe6a2a2d6a354237fc12ca797

    Download Submit

  • memory/1284-67-0x00000000021E0000-0x0000000002288000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1284-70-0x00000000021E0000-0x0000000002288000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1284-61-0x0000000000400000-0x00000000004FD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/1284-75-0x0000000002450000-0x0000000002506000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1284-74-0x00000000021E0000-0x0000000002288000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1284-63-0x0000000000500000-0x0000000000551000-memory.dmp

    Filesize

    324KB

    Download

  • memory/1284-65-0x00000000021E0000-0x0000000002288000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1284-66-0x00000000021E0000-0x0000000002288000-memory.dmp

    Filesize

    672KB

    Download

  • memory/1284-73-0x0000000000400000-0x00000000004FD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/1284-69-0x00000000021E0000-0x0000000002288000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2016-55-0x0000000075661000-0x0000000075663000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2016-54-0x0000000000400000-0x00000000004FD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/2016-62-0x0000000000400000-0x00000000004FD000-memory.dmp

    Filesize

    1012KB

    Download

  • memory/2016-60-0x0000000000320000-0x0000000000371000-memory.dmp

    Filesize

    324KB

    Download