Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

2d6fc2a4ca...36.exe

windows7-x64

8

2d6fc2a4ca...36.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    48s
  • max time network
    88s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 05:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d6fc2a4cab93c3d4566a5acfa8311c9ab0b9915cd19e66fa7b8f2140a214236.exe

  • Size

    267KB

  • MD5

    1e7f33ab7b2afd6ad43db35218c2a920

  • SHA1

    5c86f0e35cb0c828fec223ae975275980c03b21b

  • SHA256

    2d6fc2a4cab93c3d4566a5acfa8311c9ab0b9915cd19e66fa7b8f2140a214236

  • SHA512

    e723fadfa182eff0c5d36a3169393a8bfea84dcf595a4a425d9937f920a4aba9847f3a43b83ca52a60e1a235aff7d51aa97d6c309ffcf410aa0234999d084549

  • SSDEEP

    6144:KxZacIb6dRk68ciOXPSLy4IOcDYCNMiZICI5:KpRk6tiOXR4Jc8RiI

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 3 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d6fc2a4cab93c3d4566a5acfa8311c9ab0b9915cd19e66fa7b8f2140a214236.exe
    "C:\Users\Admin\AppData\Local\Temp\2d6fc2a4cab93c3d4566a5acfa8311c9ab0b9915cd19e66fa7b8f2140a214236.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Users\Admin\AppData\Local\Temp\2d6fc2a4cab93c3d4566a5acfa8311c9ab0b9915cd19e66fa7b8f2140a214236.exe
      "C:\Users\Admin\AppData\Local\Temp\2d6fc2a4cab93c3d4566a5acfa8311c9ab0b9915cd19e66fa7b8f2140a214236.exe"
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\ProgramData\5BZozm3fw0\spoaintxiPS4mg.exe
        "C:\ProgramData\5BZozm3fw0\spoaintxiPS4mg.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:676
        • C:\ProgramData\5BZozm3fw0\spoaintxiPS4mg.exe
          "C:\ProgramData\5BZozm3fw0\spoaintxiPS4mg.exe"
          4⤵
          • Executes dropped EXE
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:1920
          • C:\Program Files (x86)\Windows Media Player\wmpenc.exe
            "C:\Program Files (x86)\Windows Media Player\wmpenc.exe" /i:1920
            5⤵
              PID:1348

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\5BZozm3fw0\spoaintxiPS4mg.exe
      Filesize

      267KB

      MD5

      8fab373e9fed319becc539cb252dae56

      SHA1

      9697b22f59122f20a784913c4604b54812ed3d04

      SHA256

      333d9c01257f2eaaa27598ca112f78cf1c409d9f2734d405aa24ebc5af2573b7

      SHA512

      decf01b2f7396e02c3c0b50b3196e9dfb72701574929de604e4696353e686f7a5308855d87651e09944b2380486202335640d41536b44460e034698e944c7514

      Download Submit

    • C:\ProgramData\5BZozm3fw0\spoaintxiPS4mg.exe
      Filesize

      267KB

      MD5

      8fab373e9fed319becc539cb252dae56

      SHA1

      9697b22f59122f20a784913c4604b54812ed3d04

      SHA256

      333d9c01257f2eaaa27598ca112f78cf1c409d9f2734d405aa24ebc5af2573b7

      SHA512

      decf01b2f7396e02c3c0b50b3196e9dfb72701574929de604e4696353e686f7a5308855d87651e09944b2380486202335640d41536b44460e034698e944c7514

      Download Submit

    • C:\ProgramData\5BZozm3fw0\spoaintxiPS4mg.exe
      Filesize

      267KB

      MD5

      8fab373e9fed319becc539cb252dae56

      SHA1

      9697b22f59122f20a784913c4604b54812ed3d04

      SHA256

      333d9c01257f2eaaa27598ca112f78cf1c409d9f2734d405aa24ebc5af2573b7

      SHA512

      decf01b2f7396e02c3c0b50b3196e9dfb72701574929de604e4696353e686f7a5308855d87651e09944b2380486202335640d41536b44460e034698e944c7514

      Download Submit

    • \ProgramData\5BZozm3fw0\spoaintxiPS4mg.exe
      Filesize

      267KB

      MD5

      8fab373e9fed319becc539cb252dae56

      SHA1

      9697b22f59122f20a784913c4604b54812ed3d04

      SHA256

      333d9c01257f2eaaa27598ca112f78cf1c409d9f2734d405aa24ebc5af2573b7

      SHA512

      decf01b2f7396e02c3c0b50b3196e9dfb72701574929de604e4696353e686f7a5308855d87651e09944b2380486202335640d41536b44460e034698e944c7514

      Download Submit

    • \ProgramData\5BZozm3fw0\spoaintxiPS4mg.exe
      Filesize

      267KB

      MD5

      8fab373e9fed319becc539cb252dae56

      SHA1

      9697b22f59122f20a784913c4604b54812ed3d04

      SHA256

      333d9c01257f2eaaa27598ca112f78cf1c409d9f2734d405aa24ebc5af2573b7

      SHA512

      decf01b2f7396e02c3c0b50b3196e9dfb72701574929de604e4696353e686f7a5308855d87651e09944b2380486202335640d41536b44460e034698e944c7514

      Download Submit

    • \ProgramData\5BZozm3fw0\spoaintxiPS4mg.exe
      Filesize

      267KB

      MD5

      1e7f33ab7b2afd6ad43db35218c2a920

      SHA1

      5c86f0e35cb0c828fec223ae975275980c03b21b

      SHA256

      2d6fc2a4cab93c3d4566a5acfa8311c9ab0b9915cd19e66fa7b8f2140a214236

      SHA512

      e723fadfa182eff0c5d36a3169393a8bfea84dcf595a4a425d9937f920a4aba9847f3a43b83ca52a60e1a235aff7d51aa97d6c309ffcf410aa0234999d084549

      Download Submit

    • \Users\Admin\AppData\Local\Temp\XCZaQxYbMZmI.exe
      Filesize

      267KB

      MD5

      8fab373e9fed319becc539cb252dae56

      SHA1

      9697b22f59122f20a784913c4604b54812ed3d04

      SHA256

      333d9c01257f2eaaa27598ca112f78cf1c409d9f2734d405aa24ebc5af2573b7

      SHA512

      decf01b2f7396e02c3c0b50b3196e9dfb72701574929de604e4696353e686f7a5308855d87651e09944b2380486202335640d41536b44460e034698e944c7514

      Download Submit

    • memory/1348-84-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/1348-85-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/1920-76-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/1920-83-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2040-60-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2040-66-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2040-54-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2040-59-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2040-58-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2040-56-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download