Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    41s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/10/2022, 20:30

General

  • Target

    2e35a81ea95bf6f83fcb8cb27bf085360f79abd01a88fa79406a82a4195efe12.exe

  • Size

    105KB

  • MD5

    80fcedc30fd7e9cf90c40d04bd06beba

  • SHA1

    c27ef96cf12f0a699a6f8b8eb2f0ce294be2b97e

  • SHA256

    2e35a81ea95bf6f83fcb8cb27bf085360f79abd01a88fa79406a82a4195efe12

  • SHA512

    59bb1cd9aec4e3d2ea553cbe3002c1ae0a7076523e807a81536ea15602954be6a129011787f0a6922cf9d2f8cbe62c6880e48eee1baf8dca6973947e04457f63

  • SSDEEP

    1536:fEizl72rH5hmMMXapYHF3LHRfP2FB+13vCjAWX:Mizt/MMapYlR+Bca

Score
8/10

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Modifies WinLogon 2 TTPs 8 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e35a81ea95bf6f83fcb8cb27bf085360f79abd01a88fa79406a82a4195efe12.exe
    "C:\Users\Admin\AppData\Local\Temp\2e35a81ea95bf6f83fcb8cb27bf085360f79abd01a88fa79406a82a4195efe12.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:704
    • C:\Users\Admin\AppData\Local\Temp\2e35a81ea95bf6f83fcb8cb27bf085360f79abd01a88fa79406a82a4195efe12.exe
      "C:\Users\Admin\AppData\Local\Temp\2e35a81ea95bf6f83fcb8cb27bf085360f79abd01a88fa79406a82a4195efe12.exe"
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Modifies WinLogon
      PID:1724

Network

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\hvrtsny.dll

    Filesize

    30KB

    MD5

    a38e18ed0e0317c84cc03d06d3f9494b

    SHA1

    cedd8bcd404dbd6ac3f25353729e82777746bafd

    SHA256

    cc15756a0ec3d7626873b3eda670b62275e51a3b1ae027df3c8cdeed40ef81dd

    SHA512

    e6ff9bc1e517b6424381aa45f9cf27f824fa1bc7f73d45cd10897e385e63cc2cf66f65cb2c0d145e28c60869a5d9085b29705f28796f3a2185c21faacd50b808

  • memory/704-54-0x0000000074AD1000-0x0000000074AD3000-memory.dmp

    Filesize

    8KB

  • memory/704-63-0x0000000000290000-0x0000000000294000-memory.dmp

    Filesize

    16KB

  • memory/1724-55-0x00000000001B0000-0x00000000002AA000-memory.dmp

    Filesize

    1000KB

  • memory/1724-57-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

  • memory/1724-58-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

  • memory/1724-60-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

  • memory/1724-61-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

  • memory/1724-66-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

  • memory/1724-67-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

  • memory/1724-69-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB