Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5c266669fa...01.exe

windows7-x64

10

5c266669fa...01.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    261s
  • max time network
    384s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 23:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c266669faa0f6f4469002fefaab7d622863234b59f391c67f157b391ec2f001.exe

  • Size

    182KB

  • MD5

    b2f9c4d7a56ba2010ce7df5095cd2b88

  • SHA1

    7fee93691e62a57a8bf31ab4e09ef7770af3bd27

  • SHA256

    5c266669faa0f6f4469002fefaab7d622863234b59f391c67f157b391ec2f001

  • SHA512

    5b4d59252ed4d0c39fcbe571d538ce44b90d9fefe7f7948f25afc23717ad7e32b190d51744e63ecbc77d15e685ddd58ab9f6873396a449f2dabcf0d46bd22a53

  • SSDEEP

    3072:iSexSO8y/9VZ92PMcTaeV11n722A8J3DtVpXsjRmTdkCV6g166lRgeMTALTpDdgl:ix9Z/9EP3tV72ITtrTWe6gpTC5

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 18 IoCs
    evasion
  • Modifies security service 2 TTPs 24 IoCs
    evasion
  • Executes dropped EXE 2 IoCs
  • Registers COM server for autorun 1 TTPs 4 IoCs
    persistence
  • Unexpected DNS network traffic destination 18 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\services.exe
    C:\Windows\system32\services.exe
    1⤵
    • Modifies firewall policy service
    • Modifies security service
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:460
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1248
    • C:\Users\Admin\AppData\Local\Temp\5c266669faa0f6f4469002fefaab7d622863234b59f391c67f157b391ec2f001.exe
      "C:\Users\Admin\AppData\Local\Temp\5c266669faa0f6f4469002fefaab7d622863234b59f391c67f157b391ec2f001.exe"
      2⤵
      • Registers COM server for autorun
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:896

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-18\$e0870acbcd010e28031691a4b4cb2286\@
    Filesize

    2KB

    MD5

    d9ff90732aa714c3d4663dbcc9f2c0f2

    SHA1

    c934a06335ec6e01906df4c4f9b70af297a4881f

    SHA256

    ca28f9424d76339f0bf77260f5f44fd815b0c1123a460772c21c31284dd6feaa

    SHA512

    9d30cf47efacc1914071c5594479b0973828df7d818dc88328d96a63bca0a74a441597c37973dfb01a88b0733b5e2517b7f1ec0668672139cf4a79fce06e341b

    Download Submit

  • C:\$Recycle.Bin\S-1-5-18\$e0870acbcd010e28031691a4b4cb2286\n
    Filesize

    25KB

    MD5

    9e0cd37b6d0809cf7d5fa5b521538d0d

    SHA1

    411ffdbe6c151dbd417bc59fa9dfec22b0adc9f2

    SHA256

    55d9748f0556576a8d522cf4b8dcfc9717436adcc487d49b3320770432960db2

    SHA512

    b511ee744dbe6cf0f54cb840d3786e89161115d0038425dde86d57752f76cae7a05f020120b43dc1444bd914c8c1690049e456635cc794fbf90e26794587dfc5

    Download Submit

  • C:\$Recycle.Bin\S-1-5-21-1214520366-621468234-4062160515-1000\$e0870acbcd010e28031691a4b4cb2286\n
    Filesize

    25KB

    MD5

    9e0cd37b6d0809cf7d5fa5b521538d0d

    SHA1

    411ffdbe6c151dbd417bc59fa9dfec22b0adc9f2

    SHA256

    55d9748f0556576a8d522cf4b8dcfc9717436adcc487d49b3320770432960db2

    SHA512

    b511ee744dbe6cf0f54cb840d3786e89161115d0038425dde86d57752f76cae7a05f020120b43dc1444bd914c8c1690049e456635cc794fbf90e26794587dfc5

    Download Submit

  • \$Recycle.Bin\S-1-5-18\$e0870acbcd010e28031691a4b4cb2286\n
    Filesize

    25KB

    MD5

    9e0cd37b6d0809cf7d5fa5b521538d0d

    SHA1

    411ffdbe6c151dbd417bc59fa9dfec22b0adc9f2

    SHA256

    55d9748f0556576a8d522cf4b8dcfc9717436adcc487d49b3320770432960db2

    SHA512

    b511ee744dbe6cf0f54cb840d3786e89161115d0038425dde86d57752f76cae7a05f020120b43dc1444bd914c8c1690049e456635cc794fbf90e26794587dfc5

    Download Submit

  • \$Recycle.Bin\S-1-5-21-1214520366-621468234-4062160515-1000\$e0870acbcd010e28031691a4b4cb2286\n
    Filesize

    25KB

    MD5

    9e0cd37b6d0809cf7d5fa5b521538d0d

    SHA1

    411ffdbe6c151dbd417bc59fa9dfec22b0adc9f2

    SHA256

    55d9748f0556576a8d522cf4b8dcfc9717436adcc487d49b3320770432960db2

    SHA512

    b511ee744dbe6cf0f54cb840d3786e89161115d0038425dde86d57752f76cae7a05f020120b43dc1444bd914c8c1690049e456635cc794fbf90e26794587dfc5

    Download Submit

  • memory/896-54-0x0000000075E81000-0x0000000075E83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/896-57-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/896-58-0x00000000004FE000-0x000000000051F000-memory.dmp

    Filesize

    132KB

    Download

  • memory/896-62-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/896-63-0x00000000004FE000-0x000000000051F000-memory.dmp

    Filesize

    132KB

    Download