Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

FC5DemoSinMod.exe

windows7-x64

8

FC5DemoSinMod.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    28s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20221111-es
  • resource tags

    arch:x64arch:x86image:win7-20221111-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    12/01/2023, 12:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FC5DemoSinMod.exe

  • Size

    5.2MB

  • MD5

    8f5b9c3f9fd3bd9efe8f6de8dd916769

  • SHA1

    096acd78b6db5c87663fd9cca4a436cc6d69fe9f

  • SHA256

    978310522d83e9c5012be1daecc495ec84b89c9bb68643c78e8684db31022ad0

  • SHA512

    fb7d85ea6d61fe9c2e06c233c22ac5c36cdcb0a028ddcd95f98766498d97eccafae9a44752efa1cf50999b36542936808c431a7c1b83e3216fcfdfdc1bb28ae6

  • SSDEEP

    98304:f2MfNAJ0qYueLIZrafW/3jizOBPhV2ArrahnN1dqHdIwSQpDCAUp4NO/I7q:eMxqYuebfW/z+OjON1deRxDCbp1

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 4 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FC5DemoSinMod.exe
    "C:\Users\Admin\AppData\Local\Temp\FC5DemoSinMod.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Users\Admin\AppData\Local\Temp\msin_installer1\Instalar.exe
      C:\Users\Admin\AppData\Local\Temp\msin_installer1\Instalar.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      PID:2040

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\msin_installer1\BDE.ZIP
    Filesize

    737KB

    MD5

    94fab9a780995a7a4d6190ecf1f29276

    SHA1

    d47fd83982ad56584bd7c3af367489963b210b41

    SHA256

    fd9eae60a31fa0c78ed8e9d3a65683fa611eb2c94c9c77deaddd796a978ad707

    SHA512

    3104386080ce0b9115f91ab0ec16cbc80ec4e2519aa465609f4077faef21b656ec691ae0fe41da34f9dfb853916294b01c0712256b4cd6269a0e90a75aa2acb4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\msin_installer1\CORREOE.ZIP
    Filesize

    682KB

    MD5

    6417bdadc1a596175dcdfd193b37b135

    SHA1

    73a3b5c8395133bc67433c93661fbcd0a971fac9

    SHA256

    47a484fbe8d0f37cf5bc981b618d54fe79a9bc584eab27147a3ccda7a819b51e

    SHA512

    883f7bdbdb3d97f2fc3cc8d02d87b311b090c064bfcbd23aad110fbb77b7fc85c29087d32b098d7b5f1a080ccc7e452d3fe49dfb6b18dd918c465a10c09e3f7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\msin_installer1\Instalar.exe
    Filesize

    951KB

    MD5

    31524dedec6ac5ade031824f31ec6f84

    SHA1

    648aa572b81d577a4cb066a0d2d770aeea0e123f

    SHA256

    62b25cc940fe0db2f8a7f678063e0b7a7d51fe0ed49cf5faa9381bfe90e7945b

    SHA512

    fecfe3ffc66caafd359ae60c4d0af2523834b9593b8403334f02f49a79fd411d01e70be0e2af03c0c902fcd21cf943945e1ddefd454c8454568b1873dd293c8b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\msin_installer1\Instalar.exe
    Filesize

    951KB

    MD5

    31524dedec6ac5ade031824f31ec6f84

    SHA1

    648aa572b81d577a4cb066a0d2d770aeea0e123f

    SHA256

    62b25cc940fe0db2f8a7f678063e0b7a7d51fe0ed49cf5faa9381bfe90e7945b

    SHA512

    fecfe3ffc66caafd359ae60c4d0af2523834b9593b8403334f02f49a79fd411d01e70be0e2af03c0c902fcd21cf943945e1ddefd454c8454568b1873dd293c8b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\msin_installer1\PROG1.ZIP
    Filesize

    2.4MB

    MD5

    45927c8f6c158b49891c19de68c3bf3d

    SHA1

    10cde18f405f045681010a050eb7e81897fb4521

    SHA256

    9b56babf6a4d68f2254a99292d26c5c1b83a9435df7d0eabae87c12f75aff568

    SHA512

    73b9d6121d14aaf6dd058bacd0b6252af1bcc75fed65c203e3362252b480e6abb7df7f5a1cc12f88e7de701a0d251355f1734757c507c092ee3d93849ecfbe9a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\msin_installer1\Instalar.exe
    Filesize

    951KB

    MD5

    31524dedec6ac5ade031824f31ec6f84

    SHA1

    648aa572b81d577a4cb066a0d2d770aeea0e123f

    SHA256

    62b25cc940fe0db2f8a7f678063e0b7a7d51fe0ed49cf5faa9381bfe90e7945b

    SHA512

    fecfe3ffc66caafd359ae60c4d0af2523834b9593b8403334f02f49a79fd411d01e70be0e2af03c0c902fcd21cf943945e1ddefd454c8454568b1873dd293c8b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\msin_installer1\Instalar.exe
    Filesize

    951KB

    MD5

    31524dedec6ac5ade031824f31ec6f84

    SHA1

    648aa572b81d577a4cb066a0d2d770aeea0e123f

    SHA256

    62b25cc940fe0db2f8a7f678063e0b7a7d51fe0ed49cf5faa9381bfe90e7945b

    SHA512

    fecfe3ffc66caafd359ae60c4d0af2523834b9593b8403334f02f49a79fd411d01e70be0e2af03c0c902fcd21cf943945e1ddefd454c8454568b1873dd293c8b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\msin_installer1\Instalar.exe
    Filesize

    951KB

    MD5

    31524dedec6ac5ade031824f31ec6f84

    SHA1

    648aa572b81d577a4cb066a0d2d770aeea0e123f

    SHA256

    62b25cc940fe0db2f8a7f678063e0b7a7d51fe0ed49cf5faa9381bfe90e7945b

    SHA512

    fecfe3ffc66caafd359ae60c4d0af2523834b9593b8403334f02f49a79fd411d01e70be0e2af03c0c902fcd21cf943945e1ddefd454c8454568b1873dd293c8b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\msin_installer1\Instalar.exe
    Filesize

    951KB

    MD5

    31524dedec6ac5ade031824f31ec6f84

    SHA1

    648aa572b81d577a4cb066a0d2d770aeea0e123f

    SHA256

    62b25cc940fe0db2f8a7f678063e0b7a7d51fe0ed49cf5faa9381bfe90e7945b

    SHA512

    fecfe3ffc66caafd359ae60c4d0af2523834b9593b8403334f02f49a79fd411d01e70be0e2af03c0c902fcd21cf943945e1ddefd454c8454568b1873dd293c8b

    Download Submit

  • memory/1316-54-0x00000000761B1000-0x00000000761B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1316-63-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

    Download