Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

313c01c10e...b0.exe

windows7-x64

8

313c01c10e...b0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2022, 11:34 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    313c01c10ec2f881ab69c620e8392db3d31f759535ffe1d6c5134cd1a90178b0.exe

  • Size

    19KB

  • MD5

    6c1cf58e58d39e3cb9f8e048e1fc5c8b

  • SHA1

    5fb9b4db656e07cf6867e5abe46afa095fc69d78

  • SHA256

    313c01c10ec2f881ab69c620e8392db3d31f759535ffe1d6c5134cd1a90178b0

  • SHA512

    12dd9243652e945dc1ab8f293815404884ee81f69c451b56042e576f95c781f9d422886038022cc15bf5c472b2f09aff7d642595fefb25e5d5e836413191f9b2

  • SSDEEP

    192:jg+tnpHfqt4y6gGamGFvHMn0B8pDdYmoxYIqExx389euBoPeWsgQEIgxGPZxISmL:jtpcH9HMnLamoY6PIxBZMQZxfQFyC

Score
8/10
persistenceupx

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\313c01c10ec2f881ab69c620e8392db3d31f759535ffe1d6c5134cd1a90178b0.exe
    "C:\Users\Admin\AppData\Local\Temp\313c01c10ec2f881ab69c620e8392db3d31f759535ffe1d6c5134cd1a90178b0.exe"
    1⤵
    • Adds policy Run key to start application
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Users\Admin\AppData\Local\Temp\wcm.exe
      C:\Users\Admin\AppData\Local\Temp\wcm.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:648
    • C:\Windows\SysWOW64\ctfmon.exe
      ctfmon.exe
      2⤵
        PID:888

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\wcm.exe
      Filesize

      6KB

      MD5

      844ce3e7e12602f8f8a5425d54a81657

      SHA1

      badeee913393968e54b8a33f387e1500bf326ec3

      SHA256

      b2b7a5ffc0b0d03942c191934ce59c26ac307cc56fb087fa5ce91162e04d872e

      SHA512

      d254448941cdbf084a330cc241236d1b2dced3eace2c0fade3cf9271b5cc11df220ae6a63f1b27ffc5a856251125c92131d4b68d51457a8704d1c4e61a7e4b98

      Download Submit

    • \Users\Admin\AppData\Local\Temp\wcm.exe
      Filesize

      6KB

      MD5

      844ce3e7e12602f8f8a5425d54a81657

      SHA1

      badeee913393968e54b8a33f387e1500bf326ec3

      SHA256

      b2b7a5ffc0b0d03942c191934ce59c26ac307cc56fb087fa5ce91162e04d872e

      SHA512

      d254448941cdbf084a330cc241236d1b2dced3eace2c0fade3cf9271b5cc11df220ae6a63f1b27ffc5a856251125c92131d4b68d51457a8704d1c4e61a7e4b98

      Download Submit

    • \Users\Admin\AppData\Local\Temp\wcm.exe
      Filesize

      6KB

      MD5

      844ce3e7e12602f8f8a5425d54a81657

      SHA1

      badeee913393968e54b8a33f387e1500bf326ec3

      SHA256

      b2b7a5ffc0b0d03942c191934ce59c26ac307cc56fb087fa5ce91162e04d872e

      SHA512

      d254448941cdbf084a330cc241236d1b2dced3eace2c0fade3cf9271b5cc11df220ae6a63f1b27ffc5a856251125c92131d4b68d51457a8704d1c4e61a7e4b98

      Download Submit

    • memory/648-63-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/648-66-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1104-60-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/1104-61-0x0000000000230000-0x000000000023B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1104-62-0x0000000000230000-0x000000000023B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1104-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1104-65-0x0000000000230000-0x000000000023B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1104-64-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.