Analysis

  • max time kernel
    75s
  • max time network
    76s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/11/2022, 13:03 UTC

General

  • Target

    56c3250e2ba955d1e1b65f498b2f5028c9289b8d35a9dd86699179965cc10405.exe

  • Size

    935KB

  • MD5

    3c0b638fbf1db1f536bd140f721b8511

  • SHA1

    73fa5e6db53d44ba0b1df255dc7717fb89339ae7

  • SHA256

    56c3250e2ba955d1e1b65f498b2f5028c9289b8d35a9dd86699179965cc10405

  • SHA512

    a8347515288884148689997e17f9fbd3130af9073056b96da2a23f4f8e70a8d578eaa6a3883fb3e31abc47f5adf0bf79b1e5c78fcd7b7350c11847dd719b33f3

  • SSDEEP

    12288:p5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x4:pyHv5Z+Wzv7AiBll0OBWi6si9G

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\56c3250e2ba955d1e1b65f498b2f5028c9289b8d35a9dd86699179965cc10405.exe
    "C:\Users\Admin\AppData\Local\Temp\56c3250e2ba955d1e1b65f498b2f5028c9289b8d35a9dd86699179965cc10405.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:624
    • C:\Users\Admin\AppData\Local\Temp\56c3250e2ba955d1e1b65f498b2f5028c9289b8d35a9dd86699179965cc10405.exe
      "C:\Users\Admin\AppData\Local\Temp\56c3250e2ba955d1e1b65f498b2f5028c9289b8d35a9dd86699179965cc10405.exe" Track="0001101000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:268

Network

  • flag-unknown
    DNS
    c0b9ey.i4fzg09.com
    56c3250e2ba955d1e1b65f498b2f5028c9289b8d35a9dd86699179965cc10405.exe
    Remote address:
    8.8.8.8:53
    Request
    c0b9ey.i4fzg09.com
    IN A
    Response
  • flag-unknown
    DNS
    c0b9ey.i4fzg09.com
    56c3250e2ba955d1e1b65f498b2f5028c9289b8d35a9dd86699179965cc10405.exe
    Remote address:
    8.8.8.8:53
    Request
    c0b9ey.i4fzg09.com
    IN A
  • 93.184.220.29:80
    46 B
    40 B
    1
    1
  • 204.79.197.200:443
    40 B
    1
  • 8.8.8.8:53
    c0b9ey.i4fzg09.com
    dns
    56c3250e2ba955d1e1b65f498b2f5028c9289b8d35a9dd86699179965cc10405.exe
    128 B
    137 B
    2
    1

    DNS Request

    c0b9ey.i4fzg09.com

    DNS Request

    c0b9ey.i4fzg09.com

MITRE ATT&CK Enterprise v6

Downloads

  • memory/268-55-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/268-54-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/268-57-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/268-58-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/268-61-0x00000000766F1000-0x00000000766F3000-memory.dmp

    Filesize

    8KB

  • memory/268-62-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/268-63-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/268-64-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/268-65-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/268-66-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB
