
Analysis

  • max time kernel
    161s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/12/2022, 16:11 UTC

General

  • Target

    a907c441cdafdee27259492e0b5b3c0383f675dbd164d68978823c2057decb60.exe

  • Size

    48KB

  • MD5

    1ff8070c0dd9246a11822761780f492a

  • SHA1

    433f41cb11d107bf2c44a28f5ca3019d3505796b

  • SHA256

    a907c441cdafdee27259492e0b5b3c0383f675dbd164d68978823c2057decb60

  • SHA512

    285e4755cb43acbbf34a0b14347e3f347013d348a261238592a3d71ea795a95a3cd3e9b17d8bb8f6f877cc08a3a8028ef1171f3dd1326fb8458a9048d13505a1

  • SSDEEP

    768:NR8Yv0lgin6gxLRiSAOvJ6L5WhvkBEpKeeQybU7X1cDuhsqfGzzqwx+e1w:TSnNXvtCXgb1cZPzTxH

Score
8/10

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 4 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
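The "UPX packed file" signature above is a static check on the PE section table. The following is an added example (not Triage's own detection logic, and not the analysed sample's bytes) that reproduces the heuristic: stock UPX renames the sections of the files it packs to UPX0/UPX1 and leaves a "UPX!" marker in its header, so both are checked, since a modified UPX build may rename the sections but frequently keeps the marker. The section parser is written by hand so the script has no third-party dependency; `build_fake_pe` constructs minimal PE headers purely as test data.

```python
"""Heuristic check for UPX-packed PE files (section names plus the UPX! marker).

Added example for this report, not Hatching Triage's own detection code.
The PE images produced by build_fake_pe() are constructed test data, not
the analysed sample.
"""
import struct
import sys

SECTION_HEADER_SIZE = 40  # sizeof(IMAGE_SECTION_HEADER)


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image, in section-table order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew (offset 0x3C of the DOS header) points at the "PE\0\0" signature
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4  # IMAGE_FILE_HEADER starts right after the signature
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + 8]  # Name is the first 8 bytes of the section header
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect the two UPX tells: UPX-named sections and the UPX! header marker."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_fake_pe(section_names: list[str], extra: bytes = b"") -> bytes:
    """Construct a minimal PE32 header with the given section names (test data only)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after the DOS header
    opt_size = 224  # size of a PE32 optional header
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    sections = b"".join(
        n.encode("ascii").ljust(8, b"\0") + bytes(SECTION_HEADER_SIZE - 8)
        for n in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections + extra


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        blob = f.read()
    print(pe_section_names(blob), upx_indicators(blob))
```

Packing is not itself malicious (plenty of legitimate software ships UPX-compressed), so this check only explains why the signature fired; the unpacked payload is what the memory dumps further down are for. A packer that renames its sections and strips the marker evades both checks, which is why entropy and import-table heuristics are normally layered on top.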

Processes

  • C:\Users\Admin\AppData\Local\Temp\a907c441cdafdee27259492e0b5b3c0383f675dbd164d68978823c2057decb60.exe (PID 5092)
    Command line: "C:\Users\Admin\AppData\Local\Temp\a907c441cdafdee27259492e0b5b3c0383f675dbd164d68978823c2057decb60.exe"
    • Adds policy Run key to start application
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\a907c441cdafdee27259492e0b5b3c0383f675dbd164d68978823c2057decb60.exe (PID 4300, child of 5092)
      Command line: C:\Users\Admin\AppData\Local\Temp\a907c441cdafdee27259492e0b5b3c0383f675dbd164d68978823c2057decb60.exe
      (no signatures listed for this process)

Network

  DNS
  • PTR query: 226.101.242.52.in-addr.arpa
    Resolver: 8.8.8.8:53
    Response: none recorded
  • PTR query: a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
    Resolver: 8.8.8.8:53
    Response: none recorded

  Connections
  • 40.79.141.153:443
    322 B sent in 7 packets, nothing received
  • 93.184.220.29:80
    322 B sent in 7 packets, nothing received
  • 93.184.221.240:80
    322 B sent in 7 packets, nothing received
  • 8.8.8.8:53 (dns) 226.101.242.52.in-addr.arpa
    73 B sent, 147 B received, 1 packet each way
  • 8.8.8.8:53 (dns) a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa
    118 B sent, 204 B received, 1 packet each way
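The two DNS entries are reverse (PTR) lookups, so the addresses being resolved are hidden inside the query names. The script below is an added example (not part of Triage) that inverts both the in-addr.arpa and the ip6.arpa forms back to IP addresses using only the standard library; the two query names are copied from this report, and the round trip through `reverse_pointer` checks the decoding. Once decoded, the addresses can be checked against WHOIS/ASN data and against the sandbox's known background traffic before they are treated as indicators; the report itself marks their origin as unknown.

```python
"""Decode the reverse-lookup (PTR) names recorded in the report back to IP addresses.

Added example for this report, not Triage tooling. REPORT_PTR_QUERIES is
copied from the DNS section; nothing else here comes from the sample.
"""
import ipaddress

REPORT_PTR_QUERIES = [
    "226.101.242.52.in-addr.arpa",
    "a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa",
]


def ptr_name_to_ip(name: str):
    """Invert a reverse-lookup name into an IPv4Address or IPv6Address."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]  # four dotted-decimal octets, least significant first
        if len(octets) != 4:
            raise ValueError(f"expected 4 octets in {name!r}")
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]  # 32 hex nibbles, least significant first
        if len(nibbles) != 32:
            raise ValueError(f"expected 32 nibbles in {name!r}")
        hexstr = "".join(reversed(nibbles))
        groups = (hexstr[i:i + 4] for i in range(0, 32, 4))
        return ipaddress.IPv6Address(":".join(groups))
    raise ValueError(f"not a reverse-lookup name: {name!r}")


def decode_report_queries(names=REPORT_PTR_QUERIES) -> dict:
    """Map each PTR query name in the report to the address it asks about."""
    return {n: ptr_name_to_ip(n) for n in names}


if __name__ == "__main__":
    for query, ip in decode_report_queries().items():
        print(f"{query}\n  -> {ip} (IPv{ip.version}, global={ip.is_global})")
```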

MITRE ATT&CK Enterprise v6


Downloads

  • memory/4300-134-0x0000000000400000-0x0000000000409000-memory.dmp (36KB)
  • memory/4300-136-0x0000000000400000-0x0000000000409000-memory.dmp (36KB)
  • memory/4300-138-0x0000000000020000-0x0000000000031000-memory.dmp (68KB)
  • memory/4300-139-0x0000000010000000-0x000000001001A000-memory.dmp (104KB)
  • memory/4300-140-0x0000000000400000-0x0000000000409000-memory.dmp (36KB)
  • memory/5092-132-0x0000000010000000-0x000000001001A000-memory.dmp (104KB)
  • memory/5092-137-0x0000000010000000-0x000000001001A000-memory.dmp (104KB)
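The dump names encode the PID, a sequence number and the dumped address range, and the range should agree with the reported Filesize (0x9000 bytes is 36KB, 0x11000 is 68KB, 0x1A000 is 104KB). The script below is an added example, not Triage tooling, that parses the seven names listed above, verifies the sizes, and groups the distinct ranges per process. Reading the result against the process tree: the parent (PID 5092, which triggered SetThreadContext and WriteProcessMemory) and the child (PID 4300) both have a 104KB region at 0x10000000, and only the child has a 36KB region at 0x400000, the linker's default image base for a 32-bit executable. That region is the first thing to open when looking for the unpacked payload, though the report alone does not establish what it contains.

```python
"""Parse the memory-dump names in the Downloads section and summarise them per PID.

Added example for this report, not Triage tooling. Dump names follow the
pattern memory/<pid>-<sequence>-0x<start>-0x<end>-memory.dmp; REPORT_DUMPS
is copied from the report together with the Filesize shown for each entry.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

REPORT_DUMPS = {  # dump name -> reported Filesize in KB
    "memory/4300-134-0x0000000000400000-0x0000000000409000-memory.dmp": 36,
    "memory/4300-136-0x0000000000400000-0x0000000000409000-memory.dmp": 36,
    "memory/4300-138-0x0000000000020000-0x0000000000031000-memory.dmp": 68,
    "memory/4300-139-0x0000000010000000-0x000000001001A000-memory.dmp": 104,
    "memory/4300-140-0x0000000000400000-0x0000000000409000-memory.dmp": 36,
    "memory/5092-132-0x0000000010000000-0x000000001001A000-memory.dmp": 104,
    "memory/5092-137-0x0000000010000000-0x000000001001A000-memory.dmp": 104,
}


def parse_dump_name(name: str) -> dict:
    """Split a dump name into pid, sequence number, address range and byte size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def check_reported_sizes(dumps=REPORT_DUMPS) -> list[str]:
    """Names whose address range does not match the Filesize the report shows."""
    return [n for n, kb in dumps.items() if parse_dump_name(n)["size"] != kb * 1024]


def regions_by_pid(dumps=REPORT_DUMPS) -> dict:
    """Distinct (start, end) ranges dumped from each PID, sorted by address."""
    out = defaultdict(set)
    for n in dumps:
        d = parse_dump_name(n)
        out[d["pid"]].add((d["start"], d["end"]))
    return {pid: sorted(r) for pid, r in out.items()}


def shared_regions(dumps=REPORT_DUMPS) -> set:
    """Ranges dumped from more than one PID (same base in parent and child)."""
    seen = defaultdict(set)
    for pid, regions in regions_by_pid(dumps).items():
        for r in regions:
            seen[r].add(pid)
    return {r for r, pids in seen.items() if len(pids) > 1}


if __name__ == "__main__":
    for pid, regions in sorted(regions_by_pid().items()):
        print(f"PID {pid}:")
        for start, end in regions:
            print(f"  {start:#018x}-{end:#018x}  {(end - start) // 1024} KB")
    print("size mismatches:", check_reported_sizes())
    print("shared ranges:", [f"{s:#x}-{e:#x}" for s, e in sorted(shared_regions())])
```

Repeated dumps of the same range (sequence numbers 134, 136 and 140 for the child's 0x400000 region) are successive snapshots; diffing them shows whether the region was still being written to, which matters when the first snapshot was taken before unpacking finished.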
