Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1d34929f5a...9b.exe

windows7-x64

8

1d34929f5a...9b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/11/2022, 20:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d34929f5a27078bcf706693ac2b3768aa7f0893bde449f2df7e55803acdc79b.exe

  • Size

    256KB

  • MD5

    0e0b31ac867bf65d90e19a4b35576e40

  • SHA1

    c4a299775fc065d15cba2023567417084b77dd18

  • SHA256

    1d34929f5a27078bcf706693ac2b3768aa7f0893bde449f2df7e55803acdc79b

  • SHA512

    77b44ea778952b2831ea46458f828fff04278e68611f00729728355f069ed967e489d152e32efa8545af8dcbe6af4e87bc22f6f8bac1b0a1fccf6a5b08cc9ad5

  • SSDEEP

    6144:bvqyTM5nSOEt5zpaiRhcuGE07v6+uMHWzIH:brQ3wNxRhTKj6oHZ

Score
8/10
aspackv2persistenceupx

Malware Config

Signatures

  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 1 IoCs
  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d34929f5a27078bcf706693ac2b3768aa7f0893bde449f2df7e55803acdc79b.exe
    "C:\Users\Admin\AppData\Local\Temp\1d34929f5a27078bcf706693ac2b3768aa7f0893bde449f2df7e55803acdc79b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4444
    • C:\78d26152.exe
      C:\78d26152.exe
      2⤵
      • Executes dropped EXE
      • Sets DLL path for service in the registry
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:1044
  • C:\Windows\SysWOW64\Svchost.exe
    C:\Windows\SysWOW64\Svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
    1⤵
    • Loads dropped DLL
    PID:3168

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\78d26152.exe
    Filesize

    221KB

    MD5

    b3d1699bac5f4682cda6ca7676f8d333

    SHA1

    009fae507bc8b45b2a6e4f6e3753f60c96d3d692

    SHA256

    62e55bf4c88ceb6ca6ac53a2b3be0144c8939b4d576676f00182ef8bd5117218

    SHA512

    1a22e86d20b3f0cdae51bdef481caf3c83d1c5650c8566efef0bee941b5c4ddaf9d73d60b615de381c7d2e68a96cb118112898afb111ac41b68380a8ecffd571

    Download Submit

  • C:\78d26152.exe
    Filesize

    221KB

    MD5

    b3d1699bac5f4682cda6ca7676f8d333

    SHA1

    009fae507bc8b45b2a6e4f6e3753f60c96d3d692

    SHA256

    62e55bf4c88ceb6ca6ac53a2b3be0144c8939b4d576676f00182ef8bd5117218

    SHA512

    1a22e86d20b3f0cdae51bdef481caf3c83d1c5650c8566efef0bee941b5c4ddaf9d73d60b615de381c7d2e68a96cb118112898afb111ac41b68380a8ecffd571

    Download Submit

  • C:\Users\Infotmp.txt
    Filesize

    724B

    MD5

    f87f5425ff414a06dec432bbdf73ed25

    SHA1

    603784c88ba307081311379f2eb1c3e82d9a786f

    SHA256

    792a525858951143209846ea7bcab8cc3be83a131e444a16e446e56f191a551f

    SHA512

    09540205e90b353b3bdb90422c92399cfdab4e3c86863267b38c1fab28257e4927e9525396c2bc79b6048243a28e909661b842dcf3a82f4c0c0a39f820e27709

    Download Submit

  • C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll
    Filesize

    221KB

    MD5

    0669d63a75b1858b346fc2e650ab3e48

    SHA1

    52529e1ebebdd2d3c447f6044f64639e517d9ef4

    SHA256

    e74d7fd196f966eb88d82c5396181e0c7e159080a173bc69d207ee3a24d4728e

    SHA512

    af0d747f01a91a09f21e4b68258f6f285fd502f2b021dc25574a343a20f3a1abd0b1a86129385a4d9eada81808ea32ed9718c606ad002721a1b96b31c38a39c8

    Download Submit

  • \??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll
    Filesize

    221KB

    MD5

    0669d63a75b1858b346fc2e650ab3e48

    SHA1

    52529e1ebebdd2d3c447f6044f64639e517d9ef4

    SHA256

    e74d7fd196f966eb88d82c5396181e0c7e159080a173bc69d207ee3a24d4728e

    SHA512

    af0d747f01a91a09f21e4b68258f6f285fd502f2b021dc25574a343a20f3a1abd0b1a86129385a4d9eada81808ea32ed9718c606ad002721a1b96b31c38a39c8

    Download Submit

  • memory/1044-137-0x0000000000E00000-0x0000000000E47000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1044-138-0x0000000000E00000-0x0000000000E47000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1044-139-0x0000000002910000-0x0000000006910000-memory.dmp

    Filesize

    64.0MB

    Download

  • memory/1044-136-0x0000000000E00000-0x0000000000E47000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1044-146-0x0000000000E00000-0x0000000000E47000-memory.dmp

    Filesize

    284KB

    Download

  • memory/3168-142-0x0000000075730000-0x0000000075777000-memory.dmp

    Filesize

    284KB

    Download

  • memory/3168-143-0x0000000075730000-0x0000000075777000-memory.dmp

    Filesize

    284KB

    Download

  • memory/3168-144-0x0000000075730000-0x0000000075777000-memory.dmp

    Filesize

    284KB

    Download

  • memory/3168-147-0x0000000075730000-0x0000000075777000-memory.dmp

    Filesize

    284KB

    Download

  • memory/4444-132-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/4444-148-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download