Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

100.exe

windows7-x64

8

100.exe

windows10-2004-x64

10

101.exe

windows7-x64

1

101.exe

windows10-2004-x64

1

102.exe

windows7-x64

8

102.exe

windows10-2004-x64

5

103.exe

windows7-x64

8

103.exe

windows10-2004-x64

1

105.exe

windows7-x64

10

105.exe

windows10-2004-x64

10

106.exe

windows7-x64

8

106.exe

windows10-2004-x64

1

107.exe

windows7-x64

6

107.exe

windows10-2004-x64

6

108.exe

windows7-x64

10

108.exe

windows10-2004-x64

10

109.exe

windows7-x64

10

109.exe

windows10-2004-x64

5

110.exe

windows7-x64

10

110.exe

windows10-2004-x64

10

111.exe

windows7-x64

10

111.exe

windows10-2004-x64

10

112.exe

windows7-x64

8

112.exe

windows10-2004-x64

7

113.exe

windows7-x64

10

113.exe

windows10-2004-x64

10

114.exe

windows7-x64

10

114.exe

windows10-2004-x64

8

115.exe

windows7-x64

10

115.exe

windows10-2004-x64

10

116.exe

windows7-x64

8

116.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    69s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26/11/2022, 11:26 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    100.exe

  • Size

    75KB

  • MD5

    6fe5189a35abb1d99830e92de024bd2d

  • SHA1

    add93a5ad62ff4d923f68661727ea0c37d2053fd

  • SHA256

    9e3ad5186e3784d866a3ed9a41e61a1ff2fbb983ce8edb330a3b069f452b636d

  • SHA512

    7f28b95a47947f75c10763dec5a22fc77b9d249144e24c8de8824dba0dc375729f1b8a4e4aa9faeb3031ee11d1e38afbc167904f5a5061390d896673b414950c

  • SSDEEP

    768:tbyvTDdVf5ozWBYP5SywTwiN9dguJcF4Qhc4VjsS8jAnKNu6LUEscg6U2:tbyvtVRsWyP55wTwiT2hBjsV61nV2

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Drops startup file 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\100.exe
    "C:\Users\Admin\AppData\Local\Temp\100.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Users\Admin\AppData\Local\Temp\AvastUpdate.exe
      "C:\Users\Admin\AppData\Local\Temp\AvastUpdate.exe"
      2⤵
      • Executes dropped EXE
      • Drops startup file
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1388
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\AvastUpdate.exe" "AvastUpdate.exe" ENABLE
        3⤵
        • Modifies Windows Firewall
        PID:1468

Network

  • flag-unknown
    DNS
    titoownz.ddns.net
    AvastUpdate.exe
    Remote address:
    8.8.8.8:53
    Request
    titoownz.ddns.net
    IN A
    Response
No results found
  • 8.8.8.8:53
    titoownz.ddns.net
    dns
    AvastUpdate.exe
    63 B
     123 B
     1
    1

    DNS Request

    titoownz.ddns.net

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AvastUpdate.exe
    Filesize

    75KB

    MD5

    6fe5189a35abb1d99830e92de024bd2d

    SHA1

    add93a5ad62ff4d923f68661727ea0c37d2053fd

    SHA256

    9e3ad5186e3784d866a3ed9a41e61a1ff2fbb983ce8edb330a3b069f452b636d

    SHA512

    7f28b95a47947f75c10763dec5a22fc77b9d249144e24c8de8824dba0dc375729f1b8a4e4aa9faeb3031ee11d1e38afbc167904f5a5061390d896673b414950c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AvastUpdate.exe
    Filesize

    75KB

    MD5

    6fe5189a35abb1d99830e92de024bd2d

    SHA1

    add93a5ad62ff4d923f68661727ea0c37d2053fd

    SHA256

    9e3ad5186e3784d866a3ed9a41e61a1ff2fbb983ce8edb330a3b069f452b636d

    SHA512

    7f28b95a47947f75c10763dec5a22fc77b9d249144e24c8de8824dba0dc375729f1b8a4e4aa9faeb3031ee11d1e38afbc167904f5a5061390d896673b414950c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\AvastUpdate.exe
    Filesize

    75KB

    MD5

    6fe5189a35abb1d99830e92de024bd2d

    SHA1

    add93a5ad62ff4d923f68661727ea0c37d2053fd

    SHA256

    9e3ad5186e3784d866a3ed9a41e61a1ff2fbb983ce8edb330a3b069f452b636d

    SHA512

    7f28b95a47947f75c10763dec5a22fc77b9d249144e24c8de8824dba0dc375729f1b8a4e4aa9faeb3031ee11d1e38afbc167904f5a5061390d896673b414950c

    Download Submit

  • memory/1388-63-0x0000000074690000-0x0000000074C3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1388-64-0x0000000074690000-0x0000000074C3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1960-54-0x00000000751A1000-0x00000000751A3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1960-55-0x0000000074690000-0x0000000074C3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1960-56-0x0000000074690000-0x0000000074C3B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1960-62-0x0000000074690000-0x0000000074C3B000-memory.dmp

    Filesize

    5.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.