Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

d339babd6f...08.exe

windows7-x64

8

d339babd6f...08.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    113s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2022, 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d339babd6f9ba74660b7c5f9f998878d1b61aa1648af10aa2212aa1f97e30408.exe

  • Size

    252KB

  • MD5

    0685fd0e2615fb07d3c73c850bab4d5e

  • SHA1

    a7de009ab4bf23efed5dd847617501dcac505617

  • SHA256

    d339babd6f9ba74660b7c5f9f998878d1b61aa1648af10aa2212aa1f97e30408

  • SHA512

    fc43a3c19df503723dc0868d784951978cc6ecbe694fe9ce09acc2142e3d72ebe55d1940680b25b99e21f38a744f9db3b1589adee8b65d031d87cdef94b7ce29

  • SSDEEP

    6144:2jUJ84nmm/zKkj4D6aDWms2U80u9UJ58ajh+fk42+I:R/Wy/m/Uzu9UJ9j0fk7

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d339babd6f9ba74660b7c5f9f998878d1b61aa1648af10aa2212aa1f97e30408.exe
    "C:\Users\Admin\AppData\Local\Temp\d339babd6f9ba74660b7c5f9f998878d1b61aa1648af10aa2212aa1f97e30408.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\Qtuvea.exe
      C:\Windows\Qtuvea.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1680

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Qtuvea.exe
    Filesize

    252KB

    MD5

    0685fd0e2615fb07d3c73c850bab4d5e

    SHA1

    a7de009ab4bf23efed5dd847617501dcac505617

    SHA256

    d339babd6f9ba74660b7c5f9f998878d1b61aa1648af10aa2212aa1f97e30408

    SHA512

    fc43a3c19df503723dc0868d784951978cc6ecbe694fe9ce09acc2142e3d72ebe55d1940680b25b99e21f38a744f9db3b1589adee8b65d031d87cdef94b7ce29

    Download Submit

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    Filesize

    408B

    MD5

    9ee28a90df4db89f0558d2833c97d157

    SHA1

    3c85bd84547bffdc47072977ee95ea827d4e5d1a

    SHA256

    76e0577e3cb158e26823aac577534e0462749460cc8a3e6ace717259e558a9c6

    SHA512

    93b71a9fcba9251e5a27ba5c25baaca02b2e118476808d337643aacb7cb03bc15a1f861286373a2188a0d4ce4e8a0fd19505657508fa47bb2261dd17b2111add

    Download Submit

  • memory/1504-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1504-55-0x0000000000120000-0x0000000000132000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-56-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1504-62-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1504-63-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1680-61-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download