Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

Device/Har...er.exe

windows7-x64

4

Device/Har...er.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    142s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2023, 11:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Device/HarddiskVolume6/Sabari Backup/Downloads/DriverDownloader.exe

  • Size

    5.1MB

  • MD5

    3696d1e86bf61543963bceca8a07db31

  • SHA1

    dd94e55b185fbfa188a027f15e30d036307fa596

  • SHA256

    823296474f6e2ca98cc7feadab2413e07e1a9b776952a17877e39222ed3a844b

  • SHA512

    7d98a7d1e2e10c06d017fb846a716dceba1428232dadb0349e3bd8a385007affb6a60a749d591427c7db3e90ef6ba29c78a17294c5ae15cb03a7dd18522c6631

  • SSDEEP

    98304:b1QTFoiJXuo67quE9qk7+bgxy4d7GJtfIRqO22moa49Gte:x6v1uo6m9qk7i+bqtiu4b

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume6\Sabari Backup\Downloads\DriverDownloader.exe
    "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume6\Sabari Backup\Downloads\DriverDownloader.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Users\Admin\AppData\Local\Temp\is-635E3.tmp\DriverDownloader.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-635E3.tmp\DriverDownloader.tmp" /SL5="$A0126,4610435,721408,C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume6\Sabari Backup\Downloads\DriverDownloader.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-635E3.tmp\DriverDownloader.tmp
    Filesize

    2.4MB

    MD5

    e56b13f185f5d1a0c4e2faf3d64b65f9

    SHA1

    b23000a311a6d1404bbfcbd544862b307211993c

    SHA256

    a4b773ab4bcbbc4844caf4a60bfda4faf4d67e874a84c00fde03656d5c0b77d5

    SHA512

    4f2d981524911005d8a109c6f1ca8faea3ca3d25ed6db1a27afff8c8b9f4715785e1e3a22e3bbde74986aaa79642abf59adb923cc52c3ac64d40bf0ba8506ff0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-635E3.tmp\DriverDownloader.tmp
    Filesize

    2.4MB

    MD5

    e56b13f185f5d1a0c4e2faf3d64b65f9

    SHA1

    b23000a311a6d1404bbfcbd544862b307211993c

    SHA256

    a4b773ab4bcbbc4844caf4a60bfda4faf4d67e874a84c00fde03656d5c0b77d5

    SHA512

    4f2d981524911005d8a109c6f1ca8faea3ca3d25ed6db1a27afff8c8b9f4715785e1e3a22e3bbde74986aaa79642abf59adb923cc52c3ac64d40bf0ba8506ff0

    Download Submit

  • memory/924-62-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/924-66-0x0000000000400000-0x0000000000679000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/924-67-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2012-54-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2012-65-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download