Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

d67cd5c799...eb.exe

windows7-x64

10

d67cd5c799...eb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    185s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 03:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d67cd5c799419b0b80ebcb801e97cfb048c1fd6f9f31522ba5981076614312eb.exe

  • Size

    465KB

  • MD5

    1267db705520f2113726ccf45468e122

  • SHA1

    be6707bd4470870493ce67400e6841d5aadf38ba

  • SHA256

    d67cd5c799419b0b80ebcb801e97cfb048c1fd6f9f31522ba5981076614312eb

  • SHA512

    3db6657c0e859799032a9cc137ff8e7397e2fca4d986f724a3f8587aafbd8be62ce562ddf4313552ae44dec09fd86ce396124cc699e2cd72cb649c8919b95cda

  • SSDEEP

    1536:ZQ7g6Y46HSmy7Cnz1He2K7IefP1DbFxe39y1QgVlttOY4qRg1cOgLG/w3J/FnQ+0:Q2kn1TBv2Lt

Score
10/10
evasionspywarestealerupx

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 4 IoCs
    evasion
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d67cd5c799419b0b80ebcb801e97cfb048c1fd6f9f31522ba5981076614312eb.exe
    "C:\Users\Admin\AppData\Local\Temp\d67cd5c799419b0b80ebcb801e97cfb048c1fd6f9f31522ba5981076614312eb.exe"
    1⤵
    • Modifies firewall policy service
    • Checks BIOS information in registry
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\D67CD5~1.EXE00.bat
      2⤵
        PID:4064

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\D67CD5~1.EXE00.bat
      Filesize

      192B

      MD5

      3fefdd2ac8a6c2fbf7b8da23cf7f1b56

      SHA1

      ae6948712717cf5cf83bc027cb379f6d6757eac5

      SHA256

      656b0b5b8f9ae75da0ad96dfaa1acc81120f94367fb675bce5f67fb45f9502f8

      SHA512

      6fcfa2745ad90d50715a289d3c62781c7a564a8ffbb1a054b2984dfc585f050b3e79e0346b178cd60a15f488a092d99a05e65da87d73bd7f906910b60dce184c

      Download Submit

    • memory/2348-132-0x0000000000400000-0x0000000000476000-memory.dmp

      Filesize

      472KB

      Download

    • memory/2348-134-0x0000000000400000-0x0000000000476000-memory.dmp

      Filesize

      472KB

      Download