Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

0f090f1390...fd.exe

windows7-x64

8

0f090f1390...fd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    47s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 22:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f090f139096ab36810df40340799fa15b67619017270f48baaf27221fa905fd.exe

  • Size

    163KB

  • MD5

    a17d65dc6cef4f486d205af380b99ca0

  • SHA1

    c55de01173c2b517f7018b7ffc45b0161ad846c9

  • SHA256

    0f090f139096ab36810df40340799fa15b67619017270f48baaf27221fa905fd

  • SHA512

    1aa534fe6bb989e9f3d7d37cfc2f9a16f264fbd0d606e40e7e5a53932fc0b95a91beffc24d3ab66440eb30d796804f965c1dc78ebe206cf65de66c7f81ebe8d4

  • SSDEEP

    3072:LzLi6OaU/EmwVan5rUXznzLi6OaU/EmwVan5rUXz:3LUj5AXHLUj5AX

Score
8/10
aspackv2persistenceupx

Malware Config

Signatures

  • ASPack v2.12-2.42 3 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Sets DLL path for service in the registry 2 TTPs 14 IoCs
    persistence
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 16 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f090f139096ab36810df40340799fa15b67619017270f48baaf27221fa905fd.exe
    "C:\Users\Admin\AppData\Local\Temp\0f090f139096ab36810df40340799fa15b67619017270f48baaf27221fa905fd.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\7a967891.exe
      C:\7a967891.exe
      2⤵
      • Executes dropped EXE
      • Sets DLL path for service in the registry
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:604

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\7a967891.exe
    Filesize

    81KB

    MD5

    947dfd23b9d1fb9d0d281bf6eaa1037b

    SHA1

    c814dbc75bd66450f1955d482b01447b9f640522

    SHA256

    9938bf5fce7f4742d3fe9bc1562a32f4ceaf9fc688023f8c1c6eee80184dc51b

    SHA512

    ed134aab47cb37fa36f710e33cd6745f4461d6d9cd842ea03900c884b218a2af8dde1bb39dcaf54629da3cd8e22274d5cadfe6773732be5b4ea1762a43f2030c

    Download Submit

  • C:\7a967891.exe
    Filesize

    81KB

    MD5

    947dfd23b9d1fb9d0d281bf6eaa1037b

    SHA1

    c814dbc75bd66450f1955d482b01447b9f640522

    SHA256

    9938bf5fce7f4742d3fe9bc1562a32f4ceaf9fc688023f8c1c6eee80184dc51b

    SHA512

    ed134aab47cb37fa36f710e33cd6745f4461d6d9cd842ea03900c884b218a2af8dde1bb39dcaf54629da3cd8e22274d5cadfe6773732be5b4ea1762a43f2030c

    Download Submit

  • \Windows\SysWOW64\45A00584.tmp
    Filesize

    81KB

    MD5

    efaf940a9b76c4ea33cf0af19205e5fb

    SHA1

    7a114421d7e9083a9d58682cc2d1234faf3cf152

    SHA256

    faa8fa798504958a432ac7c9c32466561ea09aa052722e479ef5140b62ef507d

    SHA512

    57e93b7ec818afa2f77ea453b54a12873bfe9f70d887aa1ce67c66d80a06db2d4a6480c38dbc30b28e20064536cc671d2fb3df48cc89550619a3d0717558f09c

    Download Submit

  • memory/604-65-0x0000000000CD0000-0x0000000000CF4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/604-66-0x0000000002100000-0x0000000006100000-memory.dmp

    Filesize

    64.0MB

    Download

  • memory/604-59-0x0000000000CD0000-0x0000000000CF4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/604-70-0x0000000074EA0000-0x0000000074F00000-memory.dmp

    Filesize

    384KB

    Download

  • memory/604-60-0x0000000000CD0000-0x0000000000CF4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/604-67-0x0000000074EA0000-0x0000000074F00000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1472-69-0x0000000001040000-0x0000000001079000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1472-54-0x0000000001040000-0x0000000001079000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1472-64-0x0000000000CD0000-0x0000000000CF4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1472-68-0x0000000001040000-0x0000000001079000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1472-63-0x0000000000CD0000-0x0000000000CF4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1472-71-0x0000000002480000-0x0000000006480000-memory.dmp

    Filesize

    64.0MB

    Download

  • memory/1472-72-0x0000000002480000-0x0000000006480000-memory.dmp

    Filesize

    64.0MB

    Download

  • memory/1472-55-0x0000000075451000-0x0000000075453000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1472-74-0x0000000001040000-0x0000000001079000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1472-75-0x0000000000CD0000-0x0000000000CF4000-memory.dmp

    Filesize

    144KB

    Download