Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

a52c27dafb...30.exe

windows7-x64

8

a52c27dafb...30.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    318s
  • max time network
    331s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 21:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230.exe

  • Size

    71KB

  • MD5

    e5eebe174517d702dcad60eee1a493f7

  • SHA1

    e993e9239035e4d55b67d7d4d0257b1e2b6df11a

  • SHA256

    a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230

  • SHA512

    d2dc6b5a5c32f55074aed3e0a0f2b5f1ad64af80aa53857483637a95f415cb1c05210cc7d6c9d7b4d2aeb552848d16c2b2aeb149cdc6be4865076fd2ddd01adf

  • SSDEEP

    1536:TPn8njURvkTcvuxfTfQPnOWmTK+5+Vcm2oBKrHDX5:TUnjURvkTcvYfUPnjVcm2oBKrjX

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230.exe
    "C:\Users\Admin\AppData\Local\Temp\a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Drops file in System32 directory
    PID:3664
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1500

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\u14117208.dll
    Filesize

    64KB

    MD5

    721d7448a4d4bfdd1407f4459b925722

    SHA1

    345a40cf08ecb1d1f04a3c1274b265bca3362ace

    SHA256

    c5da3222bc8ab0563022553e616de063bd71ee2ab096c86035cdc89a1bbe2b4a

    SHA512

    20ac4859647e9f39b59bae550345bd2377a7f67c2a57e4fc1494da9ad5cee439e31344c8a23a9fcb71eceee7a75a869588567a335bf6bd0c66fb4c9c18de98b1

    Download Submit

  • \??\c:\windows\SysWOW64\u14117208.dll
    Filesize

    64KB

    MD5

    721d7448a4d4bfdd1407f4459b925722

    SHA1

    345a40cf08ecb1d1f04a3c1274b265bca3362ace

    SHA256

    c5da3222bc8ab0563022553e616de063bd71ee2ab096c86035cdc89a1bbe2b4a

    SHA512

    20ac4859647e9f39b59bae550345bd2377a7f67c2a57e4fc1494da9ad5cee439e31344c8a23a9fcb71eceee7a75a869588567a335bf6bd0c66fb4c9c18de98b1

    Download Submit