Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

40f511187d...21.exe

windows7-x64

8

40f511187d...21.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    110s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 09:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40f511187d6eba26e40881e91b920aed38b10b26a3a2956359cb20f0909c4821.exe

  • Size

    1.1MB

  • MD5

    7d2c521d3cc17449b41eb4b3fa8336e0

  • SHA1

    7cd2ec292316abb465f172d9d99d6332519ca7c4

  • SHA256

    40f511187d6eba26e40881e91b920aed38b10b26a3a2956359cb20f0909c4821

  • SHA512

    db540376455e341b43416406ceeee5449877b14d87a6c2869ffa713cd1a090e65b0f9adf3e41c632b1a65bced4bb36a2511e7e10c10d747db6a45032fea16e06

  • SSDEEP

    12288:0RyTSktU4g/n/t0EW5A0zyYvJwQ5oAlK+GE4vebIk6bQQ52LgRg08y5Hpn9qD3IY:4StU4gf2EW5A2DJr/kS4vGIk6v3HY5r

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40f511187d6eba26e40881e91b920aed38b10b26a3a2956359cb20f0909c4821.exe
    "C:\Users\Admin\AppData\Local\Temp\40f511187d6eba26e40881e91b920aed38b10b26a3a2956359cb20f0909c4821.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:916
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      2⤵
      • Deletes itself
      PID:1324
  • C:\Windows\qihu360.com.cn.exe
    C:\Windows\qihu360.com.cn.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\qihu360.com.cn.exe
    Filesize

    1.1MB

    MD5

    7d2c521d3cc17449b41eb4b3fa8336e0

    SHA1

    7cd2ec292316abb465f172d9d99d6332519ca7c4

    SHA256

    40f511187d6eba26e40881e91b920aed38b10b26a3a2956359cb20f0909c4821

    SHA512

    db540376455e341b43416406ceeee5449877b14d87a6c2869ffa713cd1a090e65b0f9adf3e41c632b1a65bced4bb36a2511e7e10c10d747db6a45032fea16e06

    Download Submit

  • C:\Windows\qihu360.com.cn.exe
    Filesize

    1.1MB

    MD5

    7d2c521d3cc17449b41eb4b3fa8336e0

    SHA1

    7cd2ec292316abb465f172d9d99d6332519ca7c4

    SHA256

    40f511187d6eba26e40881e91b920aed38b10b26a3a2956359cb20f0909c4821

    SHA512

    db540376455e341b43416406ceeee5449877b14d87a6c2869ffa713cd1a090e65b0f9adf3e41c632b1a65bced4bb36a2511e7e10c10d747db6a45032fea16e06

    Download Submit

  • C:\Windows\uninstal.bat
    Filesize

    254B

    MD5

    766611b53f889bc40fc95ac23e278752

    SHA1

    9eed9fca619060f97d74112259fa95d29d44d8e0

    SHA256

    c2d14ac8b6b47baac2ba1975d242086bea8fa415a28f5afe40973f2058735042

    SHA512

    e5535f4474595a0b89d65f961a95e7a7b9c0f2dd8abfa30843e802407a205f4fbbd80b9936a5472d8843aa878a6e36febd6bf431c3ef58f4fa8c818bfe57e850

    Download Submit

  • memory/916-54-0x0000000076091000-0x0000000076093000-memory.dmp

    Filesize

    8KB

    Download