Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

99ac31b4ef...6c.exe

windows7-x64

7

99ac31b4ef...6c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    78s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 16:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    99ac31b4ef6d211eaf12d90975d0b75a0149c6c14acdb14abfda71ccdde6076c.exe

  • Size

    184KB

  • MD5

    ee93ea77139fdc0881d181de424be3db

  • SHA1

    ea0efe310ee3794a4d5f6e074e2f1f56e50180bc

  • SHA256

    99ac31b4ef6d211eaf12d90975d0b75a0149c6c14acdb14abfda71ccdde6076c

  • SHA512

    3e7013317814860cd439c11c7502d136464f6f16830960fb106d8546f3de112594461f741664eb3ed84a6610abd373863c61b15392e8ba17ea03f5dcd7b5fba2

  • SSDEEP

    3072:bqPO7C6IiSX2hI/rmE8PjguXRY7ArrCEmguU1DNlFJa39g:bSOu6i2hI/rXGg4RLmED5F

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99ac31b4ef6d211eaf12d90975d0b75a0149c6c14acdb14abfda71ccdde6076c.exe
    "C:\Users\Admin\AppData\Local\Temp\99ac31b4ef6d211eaf12d90975d0b75a0149c6c14acdb14abfda71ccdde6076c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:952
    • C:\Windows\SysWOW64\RUNDLL32.EXE
      RUNDLL32.EXE "C:\ProgramData\SxS.DLL" GnrkQr 0 "C:\Users\Admin\AppData\Local\Temp\99ac31b4ef6d211eaf12d90975d0b75a0149c6c14acdb14abfda71ccdde6076c.exe"
      2⤵
      • Loads dropped DLL
      PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\SxS.DLL
    Filesize

    184KB

    MD5

    5d5215ef8f5c5dbbb867cf73e081fad2

    SHA1

    b2a5830d7f6c5f2ad4cae0ad918f02c8b8eda43d

    SHA256

    34d9102d202bb16baaf24ee805b638570474cf717eb6356273827881cf09d687

    SHA512

    4e86f21c5e755e06c928279ccb74ecd91d15e317b9c11e04d4baf379cf9aafe686565c7d2b329778437609d44b97e3deb7d968b3d9325b68171f9bc5da97fcb8

    Download Submit

  • \ProgramData\SxS.DLL
    Filesize

    184KB

    MD5

    5d5215ef8f5c5dbbb867cf73e081fad2

    SHA1

    b2a5830d7f6c5f2ad4cae0ad918f02c8b8eda43d

    SHA256

    34d9102d202bb16baaf24ee805b638570474cf717eb6356273827881cf09d687

    SHA512

    4e86f21c5e755e06c928279ccb74ecd91d15e317b9c11e04d4baf379cf9aafe686565c7d2b329778437609d44b97e3deb7d968b3d9325b68171f9bc5da97fcb8

    Download Submit

  • \ProgramData\SxS.DLL
    Filesize

    184KB

    MD5

    5d5215ef8f5c5dbbb867cf73e081fad2

    SHA1

    b2a5830d7f6c5f2ad4cae0ad918f02c8b8eda43d

    SHA256

    34d9102d202bb16baaf24ee805b638570474cf717eb6356273827881cf09d687

    SHA512

    4e86f21c5e755e06c928279ccb74ecd91d15e317b9c11e04d4baf379cf9aafe686565c7d2b329778437609d44b97e3deb7d968b3d9325b68171f9bc5da97fcb8

    Download Submit

  • \ProgramData\SxS.DLL
    Filesize

    184KB

    MD5

    5d5215ef8f5c5dbbb867cf73e081fad2

    SHA1

    b2a5830d7f6c5f2ad4cae0ad918f02c8b8eda43d

    SHA256

    34d9102d202bb16baaf24ee805b638570474cf717eb6356273827881cf09d687

    SHA512

    4e86f21c5e755e06c928279ccb74ecd91d15e317b9c11e04d4baf379cf9aafe686565c7d2b329778437609d44b97e3deb7d968b3d9325b68171f9bc5da97fcb8

    Download Submit

  • \ProgramData\SxS.DLL
    Filesize

    184KB

    MD5

    5d5215ef8f5c5dbbb867cf73e081fad2

    SHA1

    b2a5830d7f6c5f2ad4cae0ad918f02c8b8eda43d

    SHA256

    34d9102d202bb16baaf24ee805b638570474cf717eb6356273827881cf09d687

    SHA512

    4e86f21c5e755e06c928279ccb74ecd91d15e317b9c11e04d4baf379cf9aafe686565c7d2b329778437609d44b97e3deb7d968b3d9325b68171f9bc5da97fcb8

    Download Submit

  • memory/1520-55-0x0000000075141000-0x0000000075143000-memory.dmp

    Filesize

    8KB

    Download