Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

bad4c4249f...34.exe

windows7-x64

8

bad4c4249f...34.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 09:56 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bad4c4249f0b49ada95339e27ab657de949e5e5d5aaa99c43e3ab6d91b72a334.exe

  • Size

    160KB

  • MD5

    806880efba74530858b2b00c59211768

  • SHA1

    4f943d4db9d98c4e2392b4d36d877292affbdd91

  • SHA256

    bad4c4249f0b49ada95339e27ab657de949e5e5d5aaa99c43e3ab6d91b72a334

  • SHA512

    dc71eb7a67f81d29c36ddfe1bb0de6ed95425a5d2d3e2ff582bbff7d3e5ba3000a0fd38d470e361eee68c3defcf8265589357e5c3c12b1ee21680a799cdff070

  • SSDEEP

    3072:Hgrr1iDIGMl/K3HzB6Hh8gg6+24v4EqJwepqxpH9K7lxyyNzNfgZ:HqKIHKDB27g6+JI5pKUQr

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1360
      • C:\Users\Admin\AppData\Local\Temp\bad4c4249f0b49ada95339e27ab657de949e5e5d5aaa99c43e3ab6d91b72a334.exe
        "C:\Users\Admin\AppData\Local\Temp\bad4c4249f0b49ada95339e27ab657de949e5e5d5aaa99c43e3ab6d91b72a334.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:1456
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.EXE
          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.EXE
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1516

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.EXE
      Filesize

      56KB

      MD5

      409a40d73ca6ee5b490147d9d26daddd

      SHA1

      15dd83ded02e54912afa9ca54632b4aca5947682

      SHA256

      9851ebc360f547fa8c9dc39ccac6e0a11f90ff28b437329621a572f0691f51a4

      SHA512

      f884bc719d15fc45fb5f9b787cf359ce112a4d1222de3111b421092fb4ca0a981058ef2d374394f9944cdd4e6946404520b29161fa533f9029786e530c4ae9f8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1.EXE
      Filesize

      56KB

      MD5

      409a40d73ca6ee5b490147d9d26daddd

      SHA1

      15dd83ded02e54912afa9ca54632b4aca5947682

      SHA256

      9851ebc360f547fa8c9dc39ccac6e0a11f90ff28b437329621a572f0691f51a4

      SHA512

      f884bc719d15fc45fb5f9b787cf359ce112a4d1222de3111b421092fb4ca0a981058ef2d374394f9944cdd4e6946404520b29161fa533f9029786e530c4ae9f8

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\1.EXE
      Filesize

      56KB

      MD5

      409a40d73ca6ee5b490147d9d26daddd

      SHA1

      15dd83ded02e54912afa9ca54632b4aca5947682

      SHA256

      9851ebc360f547fa8c9dc39ccac6e0a11f90ff28b437329621a572f0691f51a4

      SHA512

      f884bc719d15fc45fb5f9b787cf359ce112a4d1222de3111b421092fb4ca0a981058ef2d374394f9944cdd4e6946404520b29161fa533f9029786e530c4ae9f8

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\1.EXE
      Filesize

      56KB

      MD5

      409a40d73ca6ee5b490147d9d26daddd

      SHA1

      15dd83ded02e54912afa9ca54632b4aca5947682

      SHA256

      9851ebc360f547fa8c9dc39ccac6e0a11f90ff28b437329621a572f0691f51a4

      SHA512

      f884bc719d15fc45fb5f9b787cf359ce112a4d1222de3111b421092fb4ca0a981058ef2d374394f9944cdd4e6946404520b29161fa533f9029786e530c4ae9f8

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\1.EXE
      Filesize

      56KB

      MD5

      409a40d73ca6ee5b490147d9d26daddd

      SHA1

      15dd83ded02e54912afa9ca54632b4aca5947682

      SHA256

      9851ebc360f547fa8c9dc39ccac6e0a11f90ff28b437329621a572f0691f51a4

      SHA512

      f884bc719d15fc45fb5f9b787cf359ce112a4d1222de3111b421092fb4ca0a981058ef2d374394f9944cdd4e6946404520b29161fa533f9029786e530c4ae9f8

      Download Submit

    • memory/1360-67-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1456-62-0x0000000001000000-0x0000000001042000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1456-63-0x0000000000170000-0x00000000001B2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1456-64-0x00000000001D0000-0x00000000001D9000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1456-54-0x0000000075B51000-0x0000000075B53000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1456-71-0x0000000001000000-0x0000000001042000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1456-72-0x0000000000170000-0x000000000017D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/1516-66-0x0000000000020000-0x0000000000029000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1516-65-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1516-70-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.