Analysis

  • max time kernel
    33s
  • max time network
    66s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/11/2022, 15:03 UTC

General

  • Target

    28999779656e944708e53ace702fcda6d4daf7464155e5ba22b2ebf7848949a6.exe

  • Size

    935KB

  • MD5

    48d3801f0830de237bd7743c1b5f4867

  • SHA1

    4a1b2b47c6d6d854bf869212adf18b0146c3f954

  • SHA256

    28999779656e944708e53ace702fcda6d4daf7464155e5ba22b2ebf7848949a6

  • SHA512

    700655d4be52aa09e3f4fcadb0210bf516924cc528d7bb603c6d503c6a012da09475d8ca9b933796a371414240a6b24e7a57e57d78321ba0bf77da5bdc6cddcf

  • SSDEEP

    12288:Z5Yr15f753d5QWIDz/Wz9NCyzHinLipNDJ5eoFb0OZ/WiGaks+HL63S27x4o:ZyHv5Z+Wzv7AiBll0OBWi6si9G5

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28999779656e944708e53ace702fcda6d4daf7464155e5ba22b2ebf7848949a6.exe
    "C:\Users\Admin\AppData\Local\Temp\28999779656e944708e53ace702fcda6d4daf7464155e5ba22b2ebf7848949a6.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Users\Admin\AppData\Local\Temp\28999779656e944708e53ace702fcda6d4daf7464155e5ba22b2ebf7848949a6.exe
      "C:\Users\Admin\AppData\Local\Temp\28999779656e944708e53ace702fcda6d4daf7464155e5ba22b2ebf7848949a6.exe" Track="0001101000"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:2000

Network

  • flag-unknown
    DNS
    nib0blsllirg8l6an.qkzorsh1as.com
    28999779656e944708e53ace702fcda6d4daf7464155e5ba22b2ebf7848949a6.exe
    Remote address:
    8.8.8.8:53
    Request
    nib0blsllirg8l6an.qkzorsh1as.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    nib0blsllirg8l6an.qkzorsh1as.com
    dns
    28999779656e944708e53ace702fcda6d4daf7464155e5ba22b2ebf7848949a6.exe
    78 B
    151 B
    1
    1

    DNS Request

    nib0blsllirg8l6an.qkzorsh1as.com

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2000-55-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/2000-54-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/2000-57-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/2000-58-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/2000-61-0x0000000075E31000-0x0000000075E33000-memory.dmp

    Filesize

    8KB

  • memory/2000-62-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/2000-63-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB

  • memory/2000-64-0x0000000000400000-0x00000000004F2000-memory.dmp

    Filesize

    968KB
