Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

transact_s...11.exe

windows7-x64

10

transact_s...11.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    43s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23/11/2022, 19:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    transact_store/transact_e5ebfdsd6211.exe

  • Size

    58KB

  • MD5

    182ee0f73cd9743985ceb3248400fd44

  • SHA1

    a3be64e08d2190fc54c3732090e4888a2162578c

  • SHA256

    8a23558f6b59c714495ad9753609f359bd025b6bb205b8ac00a7a84ed1372589

  • SHA512

    6e0135ce9c715e95e3b3e4328d50a8b4822e9cde36d4e60b7c370dcb3892dfe4e08d6b201f4d60c3e33f37514179bf747fa37a475f4589e5b15280ac657fc262

  • SSDEEP

    1536:cQCQKXujec19h2F0plccw9ZFvXR2dowZypaXTNSLO6:lFsh2pEdXR2IV

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Blocklisted process makes network request 5 IoCs
  • Disables taskbar notifications via registry modification
    evasion
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: MapViewOfSection 26 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\transact_store\transact_e5ebfdsd6211.exe
    "C:\Users\Admin\AppData\Local\Temp\transact_store\transact_e5ebfdsd6211.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Users\Admin\AppData\Local\Temp\transact_store\transact_e5ebfdsd6211.exe
      "C:\Users\Admin\AppData\Local\Temp\transact_store\transact_e5ebfdsd6211.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1452
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\SysWOW64\msiexec.exe
        3⤵
        • Modifies visiblity of hidden/system files in Explorer
        • UAC bypass
        • Adds policy Run key to start application
        • Blocklisted process makes network request
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious behavior: RenamesItself
        • Suspicious use of AdjustPrivilegeToken
        PID:1120

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1120-69-0x000000007EF90000-0x000000007EF96000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1120-68-0x000000007EF90000-0x000000007EF96000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1120-67-0x0000000000090000-0x00000000000A4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1452-65-0x000000007EF90000-0x000000007EF96000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1452-62-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1452-57-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1452-56-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1452-55-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1980-60-0x0000000074340000-0x00000000748EB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1980-61-0x000000000067A000-0x000000000067D000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1980-54-0x0000000075981000-0x0000000075983000-memory.dmp

    Filesize

    8KB

    Download