Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

b0bc1edee9...8e.exe

windows7-x64

8

b0bc1edee9...8e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    166s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 13:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b0bc1edee90f531e87fd46fa4729366c5e4cd46507f98f8ef97188fca8f45c8e.exe

  • Size

    216KB

  • MD5

    79b58f50dc76ec667a996e8fe2af3d14

  • SHA1

    b68a4cdfc2093955b6692b10c7a5888e6c695d1c

  • SHA256

    b0bc1edee90f531e87fd46fa4729366c5e4cd46507f98f8ef97188fca8f45c8e

  • SHA512

    dce0e40b98c62bfadb3dc2c7964465d8dd1bd03b0e8bd817ebca9c7ebdc6a19a56890b1d5d505967fcb563446718c507b1bc6afee16343d18f5b6e48e3b8c74d

  • SSDEEP

    3072:+37TFytkq+usgdZRK3w4AkF3M1NToHtbrZf:+37ctlO+P4j3ST4tbrZf

Score
8/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b0bc1edee90f531e87fd46fa4729366c5e4cd46507f98f8ef97188fca8f45c8e.exe
    "C:\Users\Admin\AppData\Local\Temp\b0bc1edee90f531e87fd46fa4729366c5e4cd46507f98f8ef97188fca8f45c8e.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Users\Admin\AppData\Local\Temp\b0bc1edee90f531e87fd46fa4729366c5e4cd46507f98f8ef97188fca8f45c8e.exe
      C:\Users\Admin\AppData\Local\Temp\b0bc1edee90f531e87fd46fa4729366c5e4cd46507f98f8ef97188fca8f45c8e.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1404
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Deletes itself
        • Adds Run key to start application
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:668
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:576
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:576 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1616

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TO1BTO6K.txt
    Filesize

    601B

    MD5

    bbd460878a0cfc764514001145b35254

    SHA1

    aa0b59780f69a9640803d6676eb6983822af7007

    SHA256

    52fb5257b76acb921fcb88557ea73186e8371d3fbddb0c129578dfc785b9570a

    SHA512

    2a515e0c448b142ad7f252b539da33f4f3d58c5171d10d81e39a687334fee56e26fa131fc0ae461915dc391fd1f8d11769256a187e5640f7ac90fa9e7046e773

    Download Submit

  • memory/1404-87-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-92-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-57-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-59-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-61-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-94-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-65-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-69-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-70-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-73-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-75-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-77-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-79-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-81-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-83-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-85-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-135-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-56-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-89-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-63-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-98-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-96-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-100-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-102-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-104-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-106-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-108-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-110-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-112-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-114-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-116-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-118-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-120-0x0000000000350000-0x000000000039E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1404-126-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1816-54-0x0000000075511000-0x0000000075513000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1816-55-0x0000000000400000-0x000000000044B000-memory.dmp

    Filesize

    300KB

    Download