Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

db62a3effd...4c.exe

windows7-x64

8

db62a3effd...4c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2022, 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db62a3effdddd7c63dc88db492c5176ed65d3e4bb22e84b24ead3c30a166bb4c.exe

  • Size

    454KB

  • MD5

    ff4f66b9c182c1ebced680589b0ac953

  • SHA1

    8f0c7826d0bd2976243a0b308fd0de8887b3565a

  • SHA256

    db62a3effdddd7c63dc88db492c5176ed65d3e4bb22e84b24ead3c30a166bb4c

  • SHA512

    48478a4b216a407c0cc40843bba7c1f2567c9c8fea08f69059d9c6f87ba6741635b5e5fc155d7f9785d89b76fcbd9998a2486b2ccac2ac66aa5d19b32b60e770

  • SSDEEP

    12288:wxoXutyRsfnortLcLt/KHsrgHwCU1Wp86X1T5zXT:wxoA3CM/yskHwCU1KvlNH

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db62a3effdddd7c63dc88db492c5176ed65d3e4bb22e84b24ead3c30a166bb4c.exe
    "C:\Users\Admin\AppData\Local\Temp\db62a3effdddd7c63dc88db492c5176ed65d3e4bb22e84b24ead3c30a166bb4c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\ProgramData\lE01803JaMaF01803\lE01803JaMaF01803.exe
      "C:\ProgramData\lE01803JaMaF01803\lE01803JaMaF01803.exe" "C:\Users\Admin\AppData\Local\Temp\db62a3effdddd7c63dc88db492c5176ed65d3e4bb22e84b24ead3c30a166bb4c.exe"
      2⤵
      • Executes dropped EXE
      • Deletes itself
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1708

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\lE01803JaMaF01803\lE01803JaMaF01803.exe
    Filesize

    454KB

    MD5

    a1e8e0d338d4d9a04c4d17ea4cce509a

    SHA1

    d5771a1b3e17ef9cbc6230c9020db16a31797858

    SHA256

    386f7d35f199aa91b032b3b0a4f3b7c9cb8f67a8d10c4942818f437647fe0818

    SHA512

    3563e32811de163143b51bf9c5e45c10cdeccd6d88c9582ad50361f22dc11d945e07a24f7b27f6f70888b1aaef93a37ebb424a181fa91ca6d317a10ac905b8a8

    Download Submit

  • C:\ProgramData\lE01803JaMaF01803\lE01803JaMaF01803.exe
    Filesize

    454KB

    MD5

    a1e8e0d338d4d9a04c4d17ea4cce509a

    SHA1

    d5771a1b3e17ef9cbc6230c9020db16a31797858

    SHA256

    386f7d35f199aa91b032b3b0a4f3b7c9cb8f67a8d10c4942818f437647fe0818

    SHA512

    3563e32811de163143b51bf9c5e45c10cdeccd6d88c9582ad50361f22dc11d945e07a24f7b27f6f70888b1aaef93a37ebb424a181fa91ca6d317a10ac905b8a8

    Download Submit

  • \ProgramData\lE01803JaMaF01803\lE01803JaMaF01803.exe
    Filesize

    454KB

    MD5

    a1e8e0d338d4d9a04c4d17ea4cce509a

    SHA1

    d5771a1b3e17ef9cbc6230c9020db16a31797858

    SHA256

    386f7d35f199aa91b032b3b0a4f3b7c9cb8f67a8d10c4942818f437647fe0818

    SHA512

    3563e32811de163143b51bf9c5e45c10cdeccd6d88c9582ad50361f22dc11d945e07a24f7b27f6f70888b1aaef93a37ebb424a181fa91ca6d317a10ac905b8a8

    Download Submit

  • \ProgramData\lE01803JaMaF01803\lE01803JaMaF01803.exe
    Filesize

    454KB

    MD5

    a1e8e0d338d4d9a04c4d17ea4cce509a

    SHA1

    d5771a1b3e17ef9cbc6230c9020db16a31797858

    SHA256

    386f7d35f199aa91b032b3b0a4f3b7c9cb8f67a8d10c4942818f437647fe0818

    SHA512

    3563e32811de163143b51bf9c5e45c10cdeccd6d88c9582ad50361f22dc11d945e07a24f7b27f6f70888b1aaef93a37ebb424a181fa91ca6d317a10ac905b8a8

    Download Submit

  • memory/1408-60-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download

  • memory/1408-54-0x0000000074B51000-0x0000000074B53000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1408-61-0x0000000000932000-0x0000000000981000-memory.dmp

    Filesize

    316KB

    Download

  • memory/1408-56-0x0000000000932000-0x0000000000981000-memory.dmp

    Filesize

    316KB

    Download

  • memory/1408-55-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download

  • memory/1708-64-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download

  • memory/1708-65-0x00000000005A2000-0x00000000005F1000-memory.dmp

    Filesize

    316KB

    Download

  • memory/1708-67-0x0000000000400000-0x00000000004C1000-memory.dmp

    Filesize

    772KB

    Download

  • memory/1708-68-0x00000000005A2000-0x00000000005F1000-memory.dmp

    Filesize

    316KB

    Download