Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

21cbedb0b2...7b.exe

windows7-x64

8

21cbedb0b2...7b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    10s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/10/2022, 21:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21cbedb0b2d9a139adce337672851bda35cffc972bf20f490040483eda45337b.exe

  • Size

    80KB

  • MD5

    0bf986be40980fd38c6d39e61167a9af

  • SHA1

    40bf3a6018b57bce24ef1db12bd92df6f130de37

  • SHA256

    21cbedb0b2d9a139adce337672851bda35cffc972bf20f490040483eda45337b

  • SHA512

    729b02302c4fc70900c9813673acb37c69f71e68792dea0dc8aedcbd235db92b2a43d17740f8659591da8c2c45931bcfbc3dc2732e00e0c80b4a6cd4aae83e4b

  • SSDEEP

    1536:ZnKZViWUC/JV16uXKNhOiFuCx9pmiG0si+p+InQ5gk:Z0ViWhz161fog9pVG0snnXk

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 4 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21cbedb0b2d9a139adce337672851bda35cffc972bf20f490040483eda45337b.exe
    "C:\Users\Admin\AppData\Local\Temp\21cbedb0b2d9a139adce337672851bda35cffc972bf20f490040483eda45337b.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Windows\SysWOW64\jfdfcewiuu\explorer.exe
      C:\Windows\system32\jfdfcewiuu\explorer.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1232
      • C:\Windows\SysWOW64\jfdfcewiuu\explorer.exe
        C:\Windows\system32\jfdfcewiuu\explorer.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1368
        • C:\Windows\SysWOW64\jfdfcewiuu\explorer.exe
          C:\Windows\system32\jfdfcewiuu\explorer.exe
          4⤵
            PID:1640

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\jfdfcewiuu\explorer.exe
      Filesize

      41KB

      MD5

      c971b2322d80f04a2003e1a264171d48

      SHA1

      68f2094fede7ee7f6fb6be0628d3f4b63d73c73c

      SHA256

      d92cc360a4fa012ce376e741b1259e6af08d15b9f0e3149c135520c9e12c91b7

      SHA512

      e9a07f7cca0405a34661e4fea9aee50f209742c78b82f2a58f8b24a3ed8fe3f5bff911f4d0069acd7b5fafc4f7c5fe0bb72632ace766bd9a03520c41f116c011

      Download Submit

    • C:\Windows\SysWOW64\jfdfcewiuu\explorer.exe
      Filesize

      28KB

      MD5

      8884e3736fadee4f6d2a0dbdd49d59f7

      SHA1

      274c89d00775832a73e6afea1bbbb6cb3a047f30

      SHA256

      833d9c8e260a45429181c1af020d22df8ec1504b58a0842a1553abe9fc6df802

      SHA512

      747ac089f81049c4c72cb7f3da9e7cc368670b3049414ec2c389a7a1709f59888428cff460093935987e77df50dec203e2b98db27d92cb558af24acd625ae884

      Download Submit

    • C:\Windows\SysWOW64\jfdfcewiuu\explorer.exe
      Filesize

      64KB

      MD5

      d990f5da9375aa79ae75a6c09fa94c1f

      SHA1

      47d87e91a87313bb9b2866f4db095f03a8d304bc

      SHA256

      b0b7c2b05b09b4befaf3293f941b94d5f91d81f72e994c74f6500851b5ada52a

      SHA512

      db6f9535196f46d488a20319393c0ca26fd599dceda138984c417ebd0d97a8f9aa34dd7a31d44fd0069bbaa76e31d96d21e1ce01d6d674e1d40ca05fe6dfe95b

      Download Submit

    • C:\Windows\SysWOW64\jfdfcewiuu\explorer.exe
      Filesize

      32KB

      MD5

      ca600eaae2bc85127f1449534140129f

      SHA1

      480744694e09abaeea6e5dc70170bd87e7bb7d44

      SHA256

      3b5696e492b5addd548b00d9b74bb9ea5ca6ea1791ddd3a472d34f8066df88a2

      SHA512

      3771cd373f333b81a78856fa62b0acc010c8485be3b68fa792cad45ec88d0c15ca9d16e5cf0533b94a4cd944fe07a1435044c505dd70482fafe7a8f51521ffed

      Download Submit

    • C:\Windows\SysWOW64\ykndywlqab\smss.exe
      Filesize

      60KB

      MD5

      35d915e8333dd87ac6d6bcce5fbecd59

      SHA1

      06c240bce90940a5fcbae67894e292fcb8b074d5

      SHA256

      a84ee7d7713c5337d1f8868eb7943f2087f18061cc11fef1b631287cf5297745

      SHA512

      bf42d642cf68f60595f7a19e85f41a271b058f7d5368b460395f11eccc6d2ecc3db864e17aa3f40fc15a681586577ada68a4ec361c06a883ca80a3f804c7ff35

      Download Submit

    • C:\Windows\SysWOW64\ykndywlqab\smss.exe
      Filesize

      39KB

      MD5

      d82862b3a0ecb7ffec857101ad6208c2

      SHA1

      838fc96716f63dcc14ef96be6eb9cf69276928d9

      SHA256

      7a2cfc7cb8537a732b53a08f5cf6469cb1a8e9cd3391dadbc9c3d016db94755a

      SHA512

      493905c94a75e65bd91dd9170d4eb37861825d81f4e4cbe3ba499b36cec6b6f4f3cc0629c9cb2837350b8d7c132d2c3f1676d1226853511ccbd09309128c5bc1

      Download Submit

    • C:\Windows\SysWOW64\ykndywlqab\smss.exe
      Filesize

      22KB

      MD5

      67133eb83d3c43b906e51f700a366d85

      SHA1

      f9b6162d0c190ffb4af884be6318a7181f5105f1

      SHA256

      65703c20544bb9e5da42f6769df9ab9e45043f9198f7496bdaf6a028dc8eaf30

      SHA512

      39fdaa2bde150dcab1782dcd312733f60ddb5e167de59ca1ef5d0ed2640ab7313ee5476b4bf033e0679177ff2ef0a83d4ead3fd026756a0e222cc07d1954e9f3

      Download Submit

    • \Windows\SysWOW64\jfdfcewiuu\explorer.exe
      Filesize

      76KB

      MD5

      42797acac6cda009458ea263bd9c5056

      SHA1

      d4d899c33281c75dfa407ed026fc1aaee8614702

      SHA256

      73c93fc5c9ac74e639571065140024da693bd80501b74bfac877b3784bf2a049

      SHA512

      8faa36a2b32150940fed92bb3cfbf395f7e77d694e4befd4b5419b039f806a34dbe61e8438446ffc68bf471446fcfe00c51fb4f56cb024491ff0d86579c3653d

      Download Submit

    • \Windows\SysWOW64\jfdfcewiuu\explorer.exe
      Filesize

      29KB

      MD5

      0c1596a5793437dcbc98e9f991896be1

      SHA1

      dccaf77dcbca660b048d08c22b8a65570591e90a

      SHA256

      a0e48d42557de297859c23712022a358c9b7ac18267342d0b323420ebe365f53

      SHA512

      2a3ac304a72456336c9d41e5d48f77200ce74a15717fd469252483cfa1265b980ab445174ae9a31d576399705533909e11f7e26f5e5d1ee7fb9b05f644c58acf

      Download Submit

    • \Windows\SysWOW64\jfdfcewiuu\explorer.exe
      Filesize

      36KB

      MD5

      4ada81a1ae245a413c4c18dccb70c6f3

      SHA1

      4613e4e3902862e6c048b5e4a24a595af7e53f3f

      SHA256

      9ae7c6978771c40caa35597c921293fb5fbd6164d30a12482e8b43eb2689736b

      SHA512

      8676750d7040e76bbf07d41e5430a543fb0f054601faeb4cbe710ff83be17409b3fb524357d2daa46bdfe4a8fcfc54cff10cc9796dbda98a9fad1f595880dfbc

      Download Submit

    • \Windows\SysWOW64\jfdfcewiuu\explorer.exe
      Filesize

      24KB

      MD5

      1e13afe1e38975892350940bd083d999

      SHA1

      7b04dfe627517824dbc21bcdae18b53d25f60e92

      SHA256

      dc670deb7ba1940102d8a1c61aaa9bfa1ab052d2ad0a776190ed4d6990fb9358

      SHA512

      c9212f3453e02df66253e6123c0751ffc93116912b6a46549a3673876c939f30f17888d95e81071c234444a663c8a34964a82daf661a26a1b716c82d3f81b573

      Download Submit

    • \Windows\SysWOW64\jfdfcewiuu\explorer.exe
      Filesize

      37KB

      MD5

      55e3250e781d5a22312cf8fdd91b0388

      SHA1

      54256ffebdd8c8acf1bd290feed878a7695ddb1d

      SHA256

      0f3732438f9f42b5c33e926efc75f909a7b0c5d29bea9316bdbe512091c3ac02

      SHA512

      fd143f226bcd572fd5d93a2a42043c77e8ef5b83caf6a36f5cdd63aa78c063da316e66c8e1107a437d2230160076cbcb5fb17b9173aca152c3d316a540eed348

      Download Submit

    • \Windows\SysWOW64\jfdfcewiuu\explorer.exe
      Filesize

      26KB

      MD5

      186ae79f8e382004095ea0130f1b4321

      SHA1

      0adc401981d1766d4bfc8b75fe6c3ca578c05c2f

      SHA256

      644beb41b8388d0ab5858bab184609e0a3af61cb0ef1a6d017404f2259d74680

      SHA512

      b832dae34f28ccdf1f9483a7c060d68f8626faaf9e3e70fdaf4a7ff646a74744adefd8ee754a4f64a335a8e8e9ea52b24e5fd4a529bb94cac14ac74ce5644e19

      Download Submit

    • memory/560-54-0x0000000076041000-0x0000000076043000-memory.dmp

      Filesize

      8KB

      Download

    • memory/560-55-0x0000000000400000-0x000000000045A000-memory.dmp

      Filesize

      360KB

      Download

    • memory/560-80-0x0000000000400000-0x000000000045A000-memory.dmp

      Filesize

      360KB

      Download

    • memory/560-62-0x0000000000330000-0x000000000038A000-memory.dmp

      Filesize

      360KB

      Download

    • memory/560-63-0x0000000000330000-0x000000000038A000-memory.dmp

      Filesize

      360KB

      Download

    • memory/1232-81-0x0000000000400000-0x000000000045A000-memory.dmp

      Filesize

      360KB

      Download

    • memory/1232-64-0x0000000000400000-0x000000000045A000-memory.dmp

      Filesize

      360KB

      Download

    • memory/1368-78-0x0000000000330000-0x000000000038A000-memory.dmp

      Filesize

      360KB

      Download

    • memory/1368-71-0x0000000000400000-0x000000000045A000-memory.dmp

      Filesize

      360KB

      Download

    • memory/1640-79-0x0000000000400000-0x000000000045A000-memory.dmp

      Filesize

      360KB

      Download