Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

d7df79f551...b2.exe

windows7-x64

7

d7df79f551...b2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 21:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7df79f55177f6bbf980c0526ec7f93c39ae5ff58f4e1684e5d3c8ec4e7681b2.exe

  • Size

    284KB

  • MD5

    d1983e2c4b8ffe2255a0c6b36bcf82e8

  • SHA1

    0e884d568e2bf02ca2773519fdc5d74a6a6c3b0b

  • SHA256

    d7df79f55177f6bbf980c0526ec7f93c39ae5ff58f4e1684e5d3c8ec4e7681b2

  • SHA512

    293a7770d0d061cf575e793838b7b5175d5ff6bb50fd97c1f090926093789193853d12c2de58d4390dfa9c5c0b446e6c86d24d2fbf52f2975fdc16cc3280220c

  • SSDEEP

    6144:wHogBfdMhCuPz9ww5uZbFxaSsBk3+ufkVsXXkSGdG+:5QupwGgbjPsBBuf05JdG+

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 51 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7df79f55177f6bbf980c0526ec7f93c39ae5ff58f4e1684e5d3c8ec4e7681b2.exe
    "C:\Users\Admin\AppData\Local\Temp\d7df79f55177f6bbf980c0526ec7f93c39ae5ff58f4e1684e5d3c8ec4e7681b2.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1488
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k sougou
    1⤵
    • Deletes itself
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\windows\xinstall684000.dll
    Filesize

    210KB

    MD5

    c8db214ac7ad44911a2423858151f796

    SHA1

    785910bef3ac03d6e9ee3b6028c4081fd26e405c

    SHA256

    ec1338cc54c91086f71dc99de97deab89c6b0155a2974ea452e72ec57fad146a

    SHA512

    ebcc9149b1d8dea9c95f135a208a32ac1cdfe9d9eec67b590c1a17c704986283f18c8395b4a6d9136f99dd2ec2a977b2ab19a493bbc6dfc4f4dc9794c644c7a1

    Download Submit

  • \??\c:\Win_lj.ini
    Filesize

    132B

    MD5

    a29deac85b48171dddf57a0c2e033bea

    SHA1

    4d657b2488fe2eb22fa1b9d24f5b566464c783ba

    SHA256

    4c83e76984acc604c71a4b09b7cebb840b802466992da94aacb0b7dc5196fa6a

    SHA512

    f141a9203469165c3cea36826e07499099c51fb5f4aaa29bfa2d31a5d8fa44c1f7376f0093259d267bc9945d89f032f2b49801961b7cd378a5788fb4f0a972a5

    Download Submit

  • \??\c:\program files (x86)\uwap\hqwipxmoq.jpg
    Filesize

    5.8MB

    MD5

    c14f6ee092383de2d83bbbe364f23258

    SHA1

    59a5be12a65da3348e9f93803288f51e3e8bc82e

    SHA256

    752a874681d59c46b3175046543f1be52bc120656e98376674f08bbdc55d90f0

    SHA512

    3347fd340479c30887086be672940c76a9540240ca1fe4dbeaaf571ee1d98b631feedcf74fc2bf43061ce28b898048de4cf5027692186eaeb0a156aaeb7cafe8

    Download Submit

  • \Program Files (x86)\Uwap\Hqwipxmoq.jpg
    Filesize

    5.8MB

    MD5

    c14f6ee092383de2d83bbbe364f23258

    SHA1

    59a5be12a65da3348e9f93803288f51e3e8bc82e

    SHA256

    752a874681d59c46b3175046543f1be52bc120656e98376674f08bbdc55d90f0

    SHA512

    3347fd340479c30887086be672940c76a9540240ca1fe4dbeaaf571ee1d98b631feedcf74fc2bf43061ce28b898048de4cf5027692186eaeb0a156aaeb7cafe8

    Download Submit

  • memory/1488-54-0x0000000076681000-0x0000000076683000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1488-56-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1488-61-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2044-62-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download