Analysis

  • max time kernel
    138s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/12/2022, 23:07

General

  • Target

    f69aa40fd95da825195a4297d944d1d2ae5ca3e56a19f92a5b51a971c9eee4ae.exe

  • Size

    54KB

  • MD5

    1b85c9dc9bc793916b756f1d2c643020

  • SHA1

    e4e9e2ce1b8ecb4ebf61c7a8e580066cd93e3d28

  • SHA256

    f69aa40fd95da825195a4297d944d1d2ae5ca3e56a19f92a5b51a971c9eee4ae

  • SHA512

    829114f4abbf59825e5138e0f0106b4f843ed30647096fc66aaef86e1f0865b380ae60042b64bd5ff18ff890a095ae94615d0780df9050ee3e46b7e2542caaf9

  • SSDEEP

    768:hw0+plbiIizLF9kaHyVvlm4CbWbu1Fqncxc39Kv:hDzIiwuyVs4WWK1Fqn6c9K

Score
8/10

Malware Config

Signatures

  • Modifies AppInit DLL entries (2 TTPs)
  • UPX packed file (2 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious behavior: MapViewOfSection (1 IoC)
  • Suspicious behavior: RenamesItself (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f69aa40fd95da825195a4297d944d1d2ae5ca3e56a19f92a5b51a971c9eee4ae.exe
    "C:\Users\Admin\AppData\Local\Temp\f69aa40fd95da825195a4297d944d1d2ae5ca3e56a19f92a5b51a971c9eee4ae.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious behavior: RenamesItself
    PID:1196

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1196-132-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/1196-133-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB