Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

ce28bf0a88...00.exe

windows7-x64

8

ce28bf0a88...00.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    123s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 17:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce28bf0a884fb23e5a5db018a758301b458d4ce28e57e565aa53ca7b6526c400.exe

  • Size

    724KB

  • MD5

    43ae74d2f4f9c509c2a6f998a939bdd9

  • SHA1

    e264a6199ea5cb590cd5f42f61cad36ce432cbeb

  • SHA256

    ce28bf0a884fb23e5a5db018a758301b458d4ce28e57e565aa53ca7b6526c400

  • SHA512

    a6978fbc98aeeb405ac3573a62bb507a8f75cd4c59fe07e1762529cbcb0b07941ae22b61568b0274229dc0f98ffdb6a42d3f7a6e59045f707e0156ee14a6f60e

  • SSDEEP

    12288:M3jrH/k8yJnIy/yJW5A+L2S03Ve+mlwI4+/kz/zc7Ab1id5QFJdvQz5h4tkbD:M33fk8fMyJW5A+vIUOInkz/zc7Abhdve

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 37 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce28bf0a884fb23e5a5db018a758301b458d4ce28e57e565aa53ca7b6526c400.exe
    "C:\Users\Admin\AppData\Local\Temp\ce28bf0a884fb23e5a5db018a758301b458d4ce28e57e565aa53ca7b6526c400.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1324
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Delete.bat
      2⤵
      • Deletes itself
      PID:1260
  • C:\Windows\smss.exe
    C:\Windows\smss.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:852
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:276
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x2e4
      1⤵
        PID:468

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\Delete.bat
        Filesize

        250B

        MD5

        5f672437065dee887c5c44ff0865b8e1

        SHA1

        4d443865c8c902921b8b483cb2439c76746e3cfe

        SHA256

        254aae03fff78942608d5fa5701607fdfdd754e840af033ff0659b4782647fd2

        SHA512

        ef706bf85174ca7b7e6d0dc7bd92e9c0d5efdc046a756b607813085397f7157b7e64bd7fd87d55ed20b4c8b6c437da50de68eaffb8a2d35f753ddf0cc9bf2b2f

        Download Submit

      • C:\Windows\smss.exe
        Filesize

        724KB

        MD5

        43ae74d2f4f9c509c2a6f998a939bdd9

        SHA1

        e264a6199ea5cb590cd5f42f61cad36ce432cbeb

        SHA256

        ce28bf0a884fb23e5a5db018a758301b458d4ce28e57e565aa53ca7b6526c400

        SHA512

        a6978fbc98aeeb405ac3573a62bb507a8f75cd4c59fe07e1762529cbcb0b07941ae22b61568b0274229dc0f98ffdb6a42d3f7a6e59045f707e0156ee14a6f60e

        Download Submit

      • C:\Windows\smss.exe
        Filesize

        724KB

        MD5

        43ae74d2f4f9c509c2a6f998a939bdd9

        SHA1

        e264a6199ea5cb590cd5f42f61cad36ce432cbeb

        SHA256

        ce28bf0a884fb23e5a5db018a758301b458d4ce28e57e565aa53ca7b6526c400

        SHA512

        a6978fbc98aeeb405ac3573a62bb507a8f75cd4c59fe07e1762529cbcb0b07941ae22b61568b0274229dc0f98ffdb6a42d3f7a6e59045f707e0156ee14a6f60e

        Download Submit

      • memory/1324-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

        Filesize

        8KB

        Download