Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

60b4fc2d9a...c9.exe

windows7-x64

8

60b4fc2d9a...c9.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    73s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/10/2022, 22:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe

  • Size

    168KB

  • MD5

    554e65fc297fb631094fbbc15be61730

  • SHA1

    8e9d910c321d588b72daaaf801b4c37101ca270c

  • SHA256

    60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9

  • SHA512

    2a840df37f7b25257320b26d3cb4570c66c33b30384959616f4c9effcefce66dbbc3c1486704d04e5218e05335714c0f0667d9ebb389cbfeb69dcd19f06b25ff

  • SSDEEP

    3072:Q1uis3Hb+Q5Xq8+5zQWFDsJrmVyzACeJwi72jlQpBW/RsFPPtuui/g20NdyPOB:y0bR1+5kWFQBYAcJDpo6FPPt6g2Bi

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
    "C:\Users\Admin\AppData\Local\Temp\60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3608
  • C:\PROGRA~3\Mozilla\fmzgwvi.exe
    C:\PROGRA~3\Mozilla\fmzgwvi.exe -gtfwajn
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:4256

Network

    No results found
  • 2.18.109.224:443
    322 B
     7
  • 20.50.80.209:443
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\fmzgwvi.exe
    Filesize

    168KB

    MD5

    768cb4c0b636659ba30e1af0050ba657

    SHA1

    71e9cf3bc2ed71aa578c99650f8ff78e06f889b4

    SHA256

    300a972a2acfa09eb5280c5af7a790888db587728416ad2505a900bf41b7f9cd

    SHA512

    4cf283aa9b20465467816e62d947bece41a591c91ade73d49b7321aeae3ac31be3d0af799fb7622d1038aa938ca131e5c65b5580d4df147d98409ad7b6f92d83

    Download Submit

  • C:\ProgramData\Mozilla\fmzgwvi.exe
    Filesize

    168KB

    MD5

    768cb4c0b636659ba30e1af0050ba657

    SHA1

    71e9cf3bc2ed71aa578c99650f8ff78e06f889b4

    SHA256

    300a972a2acfa09eb5280c5af7a790888db587728416ad2505a900bf41b7f9cd

    SHA512

    4cf283aa9b20465467816e62d947bece41a591c91ade73d49b7321aeae3ac31be3d0af799fb7622d1038aa938ca131e5c65b5580d4df147d98409ad7b6f92d83

    Download Submit

  • memory/3608-132-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/3608-133-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4256-138-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4256-139-0x0000000000400000-0x0000000000461000-memory.dmp

    Filesize

    388KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.