Analysis

  • max time kernel
    152s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/12/2022, 02:18

General

  • Target

    86e4a065882ab2ad53d3ac779c7316e8f877d716d0106bb39c524a91d9e2da84.exe

  • Size

    364KB

  • MD5

    3133f8708f1c0ac83f1232a6d69c3f4d

  • SHA1

    9edd40e963ee46cd3cc3e4bfbadedca419f2e4bd

  • SHA256

    86e4a065882ab2ad53d3ac779c7316e8f877d716d0106bb39c524a91d9e2da84

  • SHA512

    385e4f080f99398d54acdefd4cc0c1e57ba021e452a3be0ca1f6bebf7f795bcc2dac146aa8cab5d7341ba5a170ece566161a43efa5adbdcec676c56323ee5475

  • SSDEEP

    6144:wBMTvQEYBpy8wLY/5fxpKfS7YURZlO52/DxSVeHSl8dXnll1:grpSOzOEBE2/DIohpll

Score
8/10

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86e4a065882ab2ad53d3ac779c7316e8f877d716d0106bb39c524a91d9e2da84.exe
    "C:\Users\Admin\AppData\Local\Temp\86e4a065882ab2ad53d3ac779c7316e8f877d716d0106bb39c524a91d9e2da84.exe"
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Users\Admin\AppData\Local\Temp\86e4a065882ab2ad53d3ac779c7316e8f877d716d0106bb39c524a91d9e2da84.exe
      "C:\Users\Admin\AppData\Local\Temp\86e4a065882ab2ad53d3ac779c7316e8f877d716d0106bb39c524a91d9e2da84.exe" BOMBARDAMAXIMUM
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1584

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\ProgramData\86e4a065882ab2ad53d3ac779c7316e8f877d716d0106bb39c524a91d9e2da84

    Filesize

    192B

    MD5

    40188de1f49db41d1c61f88385541ece

    SHA1

    09f572c30f77e921d7d47e4204fa3e0e16097ed2

    SHA256

    2605fa3c9a3d1a4a486d1f837462d1515dfd9211cd9069a87bacae964172b919

    SHA512

    9b4a7dc09adb0d4a3abe7221227502e0edafa15d57831c2f16aeaec3d43a9e7f630f26ed4eb4534131045e4bb9117adcc3e29a63fa74485bff14fc8c9523b726

  • C:\ProgramData\86e4a065882ab2ad53d3ac779c7316e8f877d716d0106bb39c524a91d9e2da84

    Filesize

    192B

    MD5

    7a710073831841262d3e92dbd8901818

    SHA1

    176f96392134bd5f904f5312bec748817d066582

    SHA256

    6f1d7dcb4b7c593874a59811a92c1d502c2f3f951cdc47d7c3fee634db97372c

    SHA512

    bb4a68e076193dc1e3038f32e85c37697b1aa0d8bb2766c74ae67c81238e98bb19b2b5e6b9fdb86f8e7dab211a0508cd9d72fff79851cda9101195ce44d7e291

  • memory/1404-54-0x0000000075881000-0x0000000075883000-memory.dmp

    Filesize

    8KB

  • memory/1404-55-0x0000000000400000-0x00000000004EB000-memory.dmp

    Filesize

    940KB

  • memory/1404-57-0x0000000000400000-0x00000000004EB000-memory.dmp

    Filesize

    940KB

  • memory/1404-58-0x0000000000400000-0x00000000004EB000-memory.dmp

    Filesize

    940KB

  • memory/1404-66-0x0000000000400000-0x00000000004EB000-memory.dmp

    Filesize

    940KB

  • memory/1584-65-0x0000000000400000-0x00000000004EB000-memory.dmp

    Filesize

    940KB

  • memory/1584-67-0x0000000000400000-0x00000000004EB000-memory.dmp

    Filesize

    940KB

  • memory/1584-68-0x0000000000400000-0x00000000004EB000-memory.dmp

    Filesize

    940KB