Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

2014_11vod...45.exe

windows7-x64

7

2014_11vod...45.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    152s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24/11/2022, 04:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2014_11vodafone_onlinerechnung_002120003909_november_390321980009_11_00000000445.exe

  • Size

    176KB

  • MD5

    0bdbb242c3d65c99b0c4b3bdad19a793

  • SHA1

    1b2a37b64b1a7ca71b801125faca273408bb7e67

  • SHA256

    942b643d07c0cb4ac1593dccd846fe4bcda402f5f74fa4ba1437248e7c89e0c3

  • SHA512

    387c6455dc286989d0de8b418505b5453ce82c262132eba2975006b59057a698bb5fe33bfa428690d0db30b3396ba6b699a1ad2b68482bc04df27975ca19206e

  • SSDEEP

    3072:bBfHcmI+fMEJRvGGs4Edlb9kMv0UNLp+CSYnzyZyvBwwQlF9KwrrznF19AaROhze:blH80NJ5ZEdT8UlpaYzyZeBzQJPrrjFt

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
      PID:1344
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1396
      • C:\Users\Admin\AppData\Local\Temp\2014_11vodafone_onlinerechnung_002120003909_november_390321980009_11_00000000445.exe
        "C:\Users\Admin\AppData\Local\Temp\2014_11vodafone_onlinerechnung_002120003909_november_390321980009_11_00000000445.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1504
        • C:\Users\Admin\AppData\Local\Temp\2014_11vodafone_onlinerechnung_002120003909_november_390321980009_11_00000000445.exe
          C:\Users\Admin\AppData\Local\Temp\2014_11vodafone_onlinerechnung_002120003909_november_390321980009_11_00000000445.exe
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1536
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Roaming\MS1567~1.BAT"
            4⤵
            • Deletes itself
            PID:1796
    • C:\Windows\system32\taskhost.exe
      "taskhost.exe"
      1⤵
        PID:1260
      • C:\Windows\system32\conhost.exe
        \??\C:\Windows\system32\conhost.exe "-1035388673-49390344986238328-780695326-15180360221853456369-1052598401862982445"
        1⤵
          PID:792

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\ms1567501.bat
          Filesize

          201B

          MD5

          a2f857a67ec5000c3fe3d81bbcac3799

          SHA1

          060af9dea8b4f7f9e73cf8232bd307426011941d

          SHA256

          be2081a4c09b0474846a5549ff7936fd42937ac25cd0978ebdf7a4df441022c5

          SHA512

          4ecf014f2aafb332d7e22eb180f4bf4cc775b9ac0b5e89b145155982588ffbcf256cebcee48589aeeed8a917fc26f6e2b35e75c9e7103d5ad0c859f55dc1f611

          Download Submit

        • memory/792-91-0x00000000000C0000-0x00000000000D7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/792-89-0x0000000037900000-0x0000000037910000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1260-87-0x0000000037900000-0x0000000037910000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1260-92-0x0000000001C40000-0x0000000001C57000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1344-93-0x0000000000120000-0x0000000000137000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1344-88-0x0000000037900000-0x0000000037910000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1396-94-0x0000000002540000-0x0000000002557000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1396-75-0x0000000037900000-0x0000000037910000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1396-72-0x0000000002540000-0x0000000002557000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1396-77-0x0000000002540000-0x0000000002557000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1504-54-0x00000000768A1000-0x00000000768A3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1504-65-0x0000000000380000-0x0000000000384000-memory.dmp

          Filesize

          16KB

          Download

        • memory/1536-74-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1536-67-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1536-63-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1536-62-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1536-60-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1536-58-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1536-56-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1536-55-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1796-81-0x00000000001F0000-0x0000000000204000-memory.dmp

          Filesize

          80KB

          Download