Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

a010a2fb15...a3.exe

windows7-x64

8

a010a2fb15...a3.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    170s
  • max time network
    186s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 16:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a010a2fb15c68dda2bb9be66fd2e7fbfbb5bd6b1d4dcb9cdba4e061f31434fa3.exe

  • Size

    217KB

  • MD5

    cd80e90938557739d4fd350efa000914

  • SHA1

    12f242bdb0bbdeb7fb6a33b0a002d2fb4ab2fe16

  • SHA256

    a010a2fb15c68dda2bb9be66fd2e7fbfbb5bd6b1d4dcb9cdba4e061f31434fa3

  • SHA512

    1430aba5530f74b4912539e6c4ea737392ee6f26ad7acc24fa0e13de71bad76720eee397c7da960dc3d80ce895abc49601bca73c656a96047149bea254b3ba10

  • SSDEEP

    6144:spshHjT4ixdhAC4yRAf8tRljV4DjvbCbg2MLfT:sCZfHqURA4pXbg2MLb

Score
8/10
bootkitpersistence

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a010a2fb15c68dda2bb9be66fd2e7fbfbb5bd6b1d4dcb9cdba4e061f31434fa3.exe
    "C:\Users\Admin\AppData\Local\Temp\a010a2fb15c68dda2bb9be66fd2e7fbfbb5bd6b1d4dcb9cdba4e061f31434fa3.exe"
    1⤵
    • Sets service image path in registry
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: LoadsDriver
    • Suspicious use of SetWindowsHookEx
    PID:4928

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4928-132-0x0000000000401000-0x0000000000430000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4928-133-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4928-137-0x00000000022D0000-0x00000000022E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4928-138-0x00000000022D0000-0x00000000022E1000-memory.dmp

    Filesize

    68KB

    Download