Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

b76a1a52ad...0b.exe

windows7-x64

8

b76a1a52ad...0b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    200s
  • max time network
    217s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b.exe

  • Size

    147KB

  • MD5

    f12c53bb735ef8b6a89fd03bcf738a6b

  • SHA1

    90162122b5aff70843011dff91782b7a29f9b27e

  • SHA256

    b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b

  • SHA512

    60e05a423735cc798327369dcc745eb9b0d7eb538c3c88cec141c35c05f9a9b6cade75292cc132e4ad13469d49ce9fc0933b5e47d75be1cde48471a1d23698eb

  • SSDEEP

    3072:a4f/MwMHjvsMbnrFnioT6eYu1CIFaB34ul+ezrddTSdFEJ3jWO8bCbOLHD7gbO6X:AZzWoT6RA41J7zrddtsbCbcHD7c1

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b.exe
    "C:\Users\Admin\AppData\Local\Temp\b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Windows\msa.exe
      C:\Windows\msa.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3592

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    426B

    MD5

    e0aafac7ebd274e8c7d45ea0b41ce959

    SHA1

    bfea7f02a6fc93633db36ac9de5370f1cba1b67a

    SHA256

    8be9c39af1b9e02b06cc367018cd7d1fc620e468e441e94c5cfc4f7bc2b9ff2f

    SHA512

    d7a913a540a12346de18291219c7f956a1cf229612d6ad56fe4e814645b11e49289b6027f7109e9f0b570c8768e5324d34d07cac24d47ac098f95313ba59e189

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    147KB

    MD5

    f12c53bb735ef8b6a89fd03bcf738a6b

    SHA1

    90162122b5aff70843011dff91782b7a29f9b27e

    SHA256

    b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b

    SHA512

    60e05a423735cc798327369dcc745eb9b0d7eb538c3c88cec141c35c05f9a9b6cade75292cc132e4ad13469d49ce9fc0933b5e47d75be1cde48471a1d23698eb

    Download Submit

  • C:\Windows\msa.exe
    Filesize

    147KB

    MD5

    f12c53bb735ef8b6a89fd03bcf738a6b

    SHA1

    90162122b5aff70843011dff91782b7a29f9b27e

    SHA256

    b76a1a52ad1776b0e00fad2a61dd6c8c2218792e07e0af1b418eb3f73172ad0b

    SHA512

    60e05a423735cc798327369dcc745eb9b0d7eb538c3c88cec141c35c05f9a9b6cade75292cc132e4ad13469d49ce9fc0933b5e47d75be1cde48471a1d23698eb

    Download Submit

  • memory/3592-141-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/3592-138-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/3592-142-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/3592-144-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/4900-135-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/4900-133-0x00000000005B0000-0x00000000005B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4900-134-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/4900-132-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/4900-143-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download