Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
290s -
max time network
36s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
14/03/2023, 22:20
General
-
Target
6213ba0f7c174d6009e248ec97de6c4bd18bfd5b51ea27a3d186092d23b64dbb.exe
-
Size
3.4MB
-
MD5
ec236b147253c8c3cf42b7fc2ccfb7cf
-
SHA1
115655d5c4170d66a3fbf32b54eede5e25b95299
-
SHA256
6213ba0f7c174d6009e248ec97de6c4bd18bfd5b51ea27a3d186092d23b64dbb
-
SHA512
c9f731e80661bb95d0976c313964816297091f8612b64e3bd80630a0e2a2d311f18c0205d4a2e932c122fb12e53fc8c2fca89420fd0015e5128eaf356fc35fcd
-
SSDEEP
49152:VnPTOKMFrJmsf6/HAv4fVCnoYcNmCCyQaxfrLkWUhsZz2RNRenjqc4i3PHkVgXI/:ZaEU6/HWQ4noYOCtapQX9ejqcT3/SgY/
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 4 IoCs
-
Modifies file permissions 1 TTPs 3 IoCs
-
UPX packed file 16 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious use of WriteProcessMemory 44 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6213ba0f7c174d6009e248ec97de6c4bd18bfd5b51ea27a3d186092d23b64dbb.exe"C:\Users\Admin\AppData\Local\Temp\6213ba0f7c174d6009e248ec97de6c4bd18bfd5b51ea27a3d186092d23b64dbb.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\icacls.exe"C:\Windows\System32\icacls.exe" "C:\ProgramData\TemplatesTemplates-type2.6.0.1" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exe"C:\Windows\System32\icacls.exe" "C:\ProgramData\TemplatesTemplates-type2.6.0.1" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exe"C:\Windows\System32\icacls.exe" "C:\ProgramData\TemplatesTemplates-type2.6.0.1" /inheritance:e /deny "admin:(R,REA,RA,RD)"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /CREATE /TN "TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1" /TR "C:\ProgramData\TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1.exe" /SC MINUTE3⤵
- Creates scheduled task(s)
-
-
C:\ProgramData\TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1.exe"C:\ProgramData\TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1.exe" "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
-
-
-
C:\Windows\system32\taskeng.exetaskeng.exe {DA9940C5-6995-405D-8D3F-C897BB253276} S-1-5-21-1283023626-844874658-3193756055-1000:THEQWNRW\Admin:Interactive:[1]1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1.exeC:\ProgramData\TemplatesTemplates-type2.6.0.1\TemplatesTemplates-type2.6.0.1.exe2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
528.1MB
MD56281dbb2e69ecb1af43b3c43626c304e
SHA1498d3c8fb2fc4e83f4262b7172a50564a5e0437a
SHA25631f2da88fcfa6be496351fde4d1134f8de834052a12b621eec3377260b66c4e0
SHA512c694ca8263634a108bed41c2b90ad7f6830fca128e5baf236b71f0484936e79ac8e7062f6fccbef6739b61821647c3ed86b3438f23ff6c895e0f7ef0a868a210
-
Filesize
602.1MB
MD5ffcbba3e5b095a6de4cf58ddd6d2782e
SHA11625406fcae8657879f7ca24a10a8486a59b3ff6
SHA2569b39f5bce7741af168f2c77c98b9a3f5a8916c943b6853f68be25c721cd8352c
SHA51275436e33c3b80593f231e7cb90af6eca9186c6e9e75ebb2c4466fd284fc949b733a600d16db9752090f15c092c6a1d5262df4dbc6cbb02784cb7eecebfa6a2b1
-
Filesize
568.6MB
MD5e4107502eff5fb38511ca79efb5768b9
SHA116a574f5ea4478f3698927a238c441ac3680f450
SHA2569db2d58a3bc5c98544b9eaf405cde486631d66f476f469f3f690f80077cdc0ad
SHA512040f0e1dbf2fc20df4e9d6d6c4b5bdedcf494bc5d4a75e0519e0942b5dbf0acff46f7ac228204fc85f32a63a5323c72fb8e308aafa166dce903e40cbc26a06ca
-
Filesize
480.1MB
MD5a21ae52f6314a6a191c0aa960e5f5364
SHA1308201584cabe2266a1b297421f95c159bb02930
SHA256444dd25c578a657cd06e57388d7d204f3a3653ab9acd341888442bee491c69bb
SHA512213fa7d47b8a1415fd46756ce2ab166d5c13183b4048a79eb7fb448c7f920d273def1bbffda56cbb3bffcf1393077a0e79ce826f506a0a24de79a2d8ecd5e829
-
Filesize
617.6MB
MD569509688b7a8d22337b0dae1a761be21
SHA1a62c83926fee04ffc8a9b0b9559ea7f96e7d1892
SHA2568e0c2a59897e477d11874e41ef0b24da644dbab2165ba0db20fbc01e1a86782b
SHA512a0f4d6cdfceb13bbc1dae48edd6e1d83855df3bbd6ba34f56899f1387cb6d4053ccf14012ca1b171aec41e5e6bc9e4c41096140d92e526ff1610aee6322e1c73
-
Filesize
561.5MB
MD52f241985562816d74b6dcbd9eccfdddb
SHA18bc0cebf127f9c0e638de7a1c35d7c713aa8df89
SHA256d3d5928f75206043baf177a38f87946f1b74040bee6dd93119f42e58d8f2b994
SHA512724c9e701fad57b4093e1e4364147d6af6bd4fcf3df0e556ae140be6fede0688c091eed75751a4349c7aab385938a5a6c16b43f611235c03ee17f496d788973f
-
Filesize
478.1MB
MD551398f81f8d5fc2fc17a826797d70b1a
SHA1f483b4aad7402907e33ecbf40fa6393681f11798
SHA256778032f0730e0596d918de144f4b78042356c4cb5f776c1af3d260c2f602a2a7
SHA5129f7a63b11c70918a79930e8e146ec402ed30540e41e8ee778b0f1836cc6cff79945d88523d61f2424e90bf9889a88f462bf2f20d866d7836cedff7b8a5e80347
-
Filesize
483.5MB
MD5ead5ad2195bb34f9d3f7bd0c95fc1ada
SHA1d6ed9382b379dfd57c238625e343775ffa4079e7
SHA2565782daf54b3465e41762f7070d518a4b80e84c26f890005a05d519d0dace0eaa
SHA512f80bffd925ec9f7d4eec2d02b9c1233bce93eb7078d27652d56081a78f2bf8c83ca9dec9fb5c8826d5e20508b4fa960c18414b5c45bf1c019bda697cd8e2e557
-
Filesize
256KB
-
Filesize
3.4MB
-
Filesize
256KB
-
Filesize
5.1MB
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
5.1MB
-
Filesize
3.4MB
-
Filesize
4KB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
5.1MB