Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

Informatio...05.exe

windows7-x64

7

Informatio...05.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    177s
  • max time network
    222s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 15:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe

  • Size

    204KB

  • MD5

    60e35d1acbde6b22234c712c97869cfd

  • SHA1

    810a916c1d70376dadedebd9e83454c923346bf0

  • SHA256

    b6c2dcc6ea4160d06b1b9c077c60c20a696633cbed86cbc82f4c24e01205ff90

  • SHA512

    d23fb897260b02c3a097cc52cde48d06a595ceea18afa66c692ab7c13e4eb887229f923902d7d5cdd04d544e7d9474ea88a223411248405c8914b9933950b7a1

  • SSDEEP

    6144:qoVIiObZbJn9QEI01sV3iWw2s7ldCh8+V+e:1VIiibR9zULPs7lohr9

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
      PID:1172
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:1220
      • C:\Users\Admin\AppData\Local\Temp\Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe
        "C:\Users\Admin\AppData\Local\Temp\Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1252
        • C:\Users\Admin\AppData\Local\Temp\Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe
          C:\Users\Admin\AppData\Local\Temp\Informationen_Kontobewegung_dezember_2014_de_20_8139_237_90109238_000129_000028_05.exe
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:820
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Roaming\MS2476~1.BAT"
            4⤵
            • Deletes itself
            PID:1036
    • C:\Windows\system32\taskhost.exe
      "taskhost.exe"
      1⤵
        PID:1116
      • C:\Windows\system32\conhost.exe
        \??\C:\Windows\system32\conhost.exe "1485155040-96825141253633638296356627-958849348-668981143445992585-1329175643"
        1⤵
          PID:1476

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\ms2476501.bat
          Filesize

          201B

          MD5

          2ee10c6c0ec1d218ea5da118e730b2c4

          SHA1

          153c60e41bed5d6e57ca07e14195d17a065754ca

          SHA256

          0023e5545590d30ced8a919a7c600d93eb5d270b82ebd5185e0453e6d27b9dad

          SHA512

          c21fc3428a71852c079c4e1b04b7d2782397f7ab22821333dbb1db164a25c43bef6b6d8718172c68be11a2e9ca78f5f3e2e3f7c07c62056265f467b2391afc39

          Download Submit

        • memory/820-71-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/820-56-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/820-58-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/820-60-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/820-62-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/820-63-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/820-55-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/820-67-0x0000000000400000-0x0000000000412000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1036-80-0x00000000000F0000-0x0000000000104000-memory.dmp

          Filesize

          80KB

          Download

        • memory/1116-91-0x0000000001B40000-0x0000000001B57000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1116-87-0x0000000036F80000-0x0000000036F90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1172-93-0x00000000001A0000-0x00000000001B7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1172-86-0x0000000036F80000-0x0000000036F90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1220-73-0x0000000002A80000-0x0000000002A97000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1220-75-0x0000000036F80000-0x0000000036F90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1220-92-0x0000000002A80000-0x0000000002A97000-memory.dmp

          Filesize

          92KB

          Download

        • memory/1252-54-0x0000000075991000-0x0000000075993000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1252-65-0x0000000000320000-0x0000000000324000-memory.dmp

          Filesize

          16KB

          Download

        • memory/1476-89-0x0000000036F80000-0x0000000036F90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1476-90-0x00000000000B0000-0x00000000000C7000-memory.dmp

          Filesize

          92KB

          Download