Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/10/2022, 19:40 UTC

General

  • Target

    b7dea98845b09c271b38b32fe347f3e780c81a49905b2faada9581ec9fc86aaf.exe

  • Size

    484KB

  • MD5

    a0469757e6d5a44b1a5a96d30f0be830

  • SHA1

    d47196dc84848ec42428bba6ea199fbf75401db0

  • SHA256

    b7dea98845b09c271b38b32fe347f3e780c81a49905b2faada9581ec9fc86aaf

  • SHA512

    f86ed3a9a3af40f99404a774108936c0785886c3f5cd94da4dde5122b0858e67be767547b11b749d79ddac69e42ef0c35ff42277002f6a7b01ad5107bd99ab20

  • SSDEEP

    12288:Ii0/1A2F8kLY4SRhESmV1dZYb0fzy660uP7I:Ix1bF312WFV1I0mT/Pc

Malware Config

Signatures

  • UAC bypass 3 TTPs 2 IoCs
  • Windows security bypass 2 TTPs 5 IoCs
  • Disables taskbar notifications via registry modification
  • Windows security modification 2 TTPs 8 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • System policy modification 1 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7dea98845b09c271b38b32fe347f3e780c81a49905b2faada9581ec9fc86aaf.exe
    "C:\Users\Admin\AppData\Local\Temp\b7dea98845b09c271b38b32fe347f3e780c81a49905b2faada9581ec9fc86aaf.exe"
    1⤵
    • UAC bypass
    • Windows security bypass
    • Windows security modification
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • System policy modification
    PID:1768

Network

  • Country: HK
    GET
    http://175.41.29.179/api/urls/?ts=532772f6fc5994b26c914d386d985b2069918131&affid=78709
    b7dea98845b09c271b38b32fe347f3e780c81a49905b2faada9581ec9fc86aaf.exe
    Remote address:
    175.41.29.179:80
    Request
    GET /api/urls/?ts=532772f6fc5994b26c914d386d985b2069918131&affid=78709 HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.1; Windows NT 6.1; WOW64; Trident/5.0);(b:7601;c:INT-2D60;l:09)
    Host: 175.41.29.179
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 20 Oct 2022 22:16:30 GMT
    Content-Type: text/html
    Content-Length: 548
    Connection: keep-alive
  • Country: HK
    GET
    http://175.41.29.179/api/dom/no_respond/?ts=532772f6fc5994b26c914d386d985b2069918131&token=fya14oiYU&affid=78709&ver=3070033&group=sca
    b7dea98845b09c271b38b32fe347f3e780c81a49905b2faada9581ec9fc86aaf.exe
    Remote address:
    175.41.29.179:80
    Request
    GET /api/dom/no_respond/?ts=532772f6fc5994b26c914d386d985b2069918131&token=fya14oiYU&affid=78709&ver=3070033&group=sca HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.1; Windows NT 6.1; WOW64; Trident/5.0);(b:7601;c:INT-2D60;l:09)
    Host: 175.41.29.179
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 20 Oct 2022 22:18:40 GMT
    Content-Type: text/html
    Content-Length: 548
    Connection: keep-alive
  • 175.41.29.179:80
    http://175.41.29.179/api/urls/?ts=532772f6fc5994b26c914d386d985b2069918131&affid=78709
    http
    b7dea98845b09c271b38b32fe347f3e780c81a49905b2faada9581ec9fc86aaf.exe
    608 B
    1.6kB
    7
    6

    HTTP Request

    GET http://175.41.29.179/api/urls/?ts=532772f6fc5994b26c914d386d985b2069918131&affid=78709

    HTTP Response

    404
  • 175.41.29.179:80
    http://175.41.29.179/api/dom/no_respond/?ts=532772f6fc5994b26c914d386d985b2069918131&token=fya14oiYU&affid=78709&ver=3070033&group=sca
    http
    b7dea98845b09c271b38b32fe347f3e780c81a49905b2faada9581ec9fc86aaf.exe
    512 B
    828 B
    4
    3

    HTTP Request

    GET http://175.41.29.179/api/dom/no_respond/?ts=532772f6fc5994b26c914d386d985b2069918131&token=fya14oiYU&affid=78709&ver=3070033&group=sca

    HTTP Response

    404

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1768-54-0x0000000076961000-0x0000000076963000-memory.dmp

    Filesize

    8KB

  • memory/1768-55-0x0000000000400000-0x000000000141D000-memory.dmp

    Filesize

    16.1MB

  • memory/1768-56-0x0000000000220000-0x0000000000223000-memory.dmp

    Filesize

    12KB

  • memory/1768-57-0x0000000000400000-0x000000000141D000-memory.dmp

    Filesize

    16.1MB
