Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

d7df79f551...b2.exe

windows7-x64

7

d7df79f551...b2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    154s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 21:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7df79f55177f6bbf980c0526ec7f93c39ae5ff58f4e1684e5d3c8ec4e7681b2.exe

  • Size

    284KB

  • MD5

    d1983e2c4b8ffe2255a0c6b36bcf82e8

  • SHA1

    0e884d568e2bf02ca2773519fdc5d74a6a6c3b0b

  • SHA256

    d7df79f55177f6bbf980c0526ec7f93c39ae5ff58f4e1684e5d3c8ec4e7681b2

  • SHA512

    293a7770d0d061cf575e793838b7b5175d5ff6bb50fd97c1f090926093789193853d12c2de58d4390dfa9c5c0b446e6c86d24d2fbf52f2975fdc16cc3280220c

  • SSDEEP

    6144:wHogBfdMhCuPz9ww5uZbFxaSsBk3+ufkVsXXkSGdG+:5QupwGgbjPsBBuf05JdG+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7df79f55177f6bbf980c0526ec7f93c39ae5ff58f4e1684e5d3c8ec4e7681b2.exe
    "C:\Users\Admin\AppData\Local\Temp\d7df79f55177f6bbf980c0526ec7f93c39ae5ff58f4e1684e5d3c8ec4e7681b2.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:208
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k sougou
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:4008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Uwap\Hqwipxmoq.jpg
    Filesize

    228KB

    MD5

    1b8ef40fce666d9cd84cf644ffb770c9

    SHA1

    f2ee543a63576ccbd6dbfee5260a5e56ca8bd1df

    SHA256

    847e6cd6989af44c7cd1c91affcdb0d8783cc617ab331c2ad15ded2121873df8

    SHA512

    3aaa23966048678a9571a3cb0d7a0c91c74463c626c571d78200f20aca0f6ef00ed4b5153b9eb2982cb9c63c9157e87440c26470e4e735a46428a520120790db

    Download Submit

  • C:\Windows\xinstall1073500.dll
    Filesize

    210KB

    MD5

    c8db214ac7ad44911a2423858151f796

    SHA1

    785910bef3ac03d6e9ee3b6028c4081fd26e405c

    SHA256

    ec1338cc54c91086f71dc99de97deab89c6b0155a2974ea452e72ec57fad146a

    SHA512

    ebcc9149b1d8dea9c95f135a208a32ac1cdfe9d9eec67b590c1a17c704986283f18c8395b4a6d9136f99dd2ec2a977b2ab19a493bbc6dfc4f4dc9794c644c7a1

    Download Submit

  • C:\windows\xinstall1073500.dll
    Filesize

    210KB

    MD5

    c8db214ac7ad44911a2423858151f796

    SHA1

    785910bef3ac03d6e9ee3b6028c4081fd26e405c

    SHA256

    ec1338cc54c91086f71dc99de97deab89c6b0155a2974ea452e72ec57fad146a

    SHA512

    ebcc9149b1d8dea9c95f135a208a32ac1cdfe9d9eec67b590c1a17c704986283f18c8395b4a6d9136f99dd2ec2a977b2ab19a493bbc6dfc4f4dc9794c644c7a1

    Download Submit

  • \??\c:\Win_lj.ini
    Filesize

    133B

    MD5

    a80017ba31f33ba697532d4559fa8f35

    SHA1

    2d8d039ddcf141149ab827ad24169e9cfacaeae0

    SHA256

    4c22842aaa7556533059fd76628a42d65ed38891abffc10873d2e812be4de8d7

    SHA512

    a6519f7e56bc34a9b315f0e2cbdc5007fd1efa434b075c14b66f7e2a4ee05a22c8550f10a14a198edba048ad457aef2bf829666b009a60f34ac3d46006324b82

    Download Submit

  • \??\c:\program files (x86)\uwap\hqwipxmoq.jpg
    Filesize

    228KB

    MD5

    1b8ef40fce666d9cd84cf644ffb770c9

    SHA1

    f2ee543a63576ccbd6dbfee5260a5e56ca8bd1df

    SHA256

    847e6cd6989af44c7cd1c91affcdb0d8783cc617ab331c2ad15ded2121873df8

    SHA512

    3aaa23966048678a9571a3cb0d7a0c91c74463c626c571d78200f20aca0f6ef00ed4b5153b9eb2982cb9c63c9157e87440c26470e4e735a46428a520120790db

    Download Submit

  • memory/208-133-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/208-136-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/4008-139-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/4008-140-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download