Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

2cf2e6cd68...4d.exe

windows7-x64

8

2cf2e6cd68...4d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 06:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2cf2e6cd68f99109073f6f42bc7d2b71763909798df077832c104027dcd3114d.exe

  • Size

    233KB

  • MD5

    27fcfe6e4e53f50cbddbee2ffb1735f0

  • SHA1

    97e47034230ffc19fa7f32baf1f4310bc924f68a

  • SHA256

    2cf2e6cd68f99109073f6f42bc7d2b71763909798df077832c104027dcd3114d

  • SHA512

    f511bd4af841af06f6099bf7db9c0c3105673f9fde116a7a7721f175cee2e37081a33950aa006e787afdf0ddb482b49ab1310b9ac0dff24ff9aecbb3da41dfe2

  • SSDEEP

    6144:eSH4NMEb+LED2x8mxkmmxXnlw/xfnj5ht:eSH9Eb+LEC9xsJ4j5h

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cf2e6cd68f99109073f6f42bc7d2b71763909798df077832c104027dcd3114d.exe
    "C:\Users\Admin\AppData\Local\Temp\2cf2e6cd68f99109073f6f42bc7d2b71763909798df077832c104027dcd3114d.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2260
  • C:\PROGRA~3\Mozilla\wlgmldg.exe
    C:\PROGRA~3\Mozilla\wlgmldg.exe -tefqmxb
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:1452

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\wlgmldg.exe
    Filesize

    233KB

    MD5

    68f7287cf2a28d28a3400b6a1873558b

    SHA1

    9bf6dceb6c25ca2bf9f91e286cc1dd246a748861

    SHA256

    961448fb689eb530af3b3458f42f43639647f099200107648c89bcf65b097a6d

    SHA512

    7f68746689301cacee33022210e107aa7a666edce68be043828df58bcf9ee7ff10d69fe81cd31cf444793d012034e19f66a27e668d6e2e0079b3677aa235de8c

    Download Submit

  • C:\ProgramData\Mozilla\wlgmldg.exe
    Filesize

    233KB

    MD5

    68f7287cf2a28d28a3400b6a1873558b

    SHA1

    9bf6dceb6c25ca2bf9f91e286cc1dd246a748861

    SHA256

    961448fb689eb530af3b3458f42f43639647f099200107648c89bcf65b097a6d

    SHA512

    7f68746689301cacee33022210e107aa7a666edce68be043828df58bcf9ee7ff10d69fe81cd31cf444793d012034e19f66a27e668d6e2e0079b3677aa235de8c

    Download Submit

  • memory/1452-138-0x0000000000710000-0x000000000076B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1452-139-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1452-140-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2260-132-0x00000000021E0000-0x000000000223B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2260-133-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2260-134-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2260-135-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download