Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

61a8a4a365...dd.exe

windows7-x64

7

61a8a4a365...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2023, 22:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61a8a4a365edf225943d7fb5f27827c7730df5c34189e2dac1f5f23c089f79dd.exe

  • Size

    5.8MB

  • MD5

    a667b2dd0089600c4106fcc5e2d215c0

  • SHA1

    e226aaca862224f6cc8348accf3b4464e0ad3741

  • SHA256

    61a8a4a365edf225943d7fb5f27827c7730df5c34189e2dac1f5f23c089f79dd

  • SHA512

    a2c27b4c42d99ebbe1c3a35c268922b2e613abf491cbee32de13ff79340c54d3ecfb157e56f27f99e2c08fbe0b68d459616d8e36c85a168fff36d490f6d23944

  • SSDEEP

    98304:zX55fiwwWVfqPGCPG0Z2Hb57nVuUikaH5gBxNEjYS2/+:zuww3Zab57nPraH2rNEjYSW+

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies system certificate store 2 TTPs 13 IoCs
    evasionspywaretrojan

Processes

  • C:\Users\Admin\AppData\Local\Temp\61a8a4a365edf225943d7fb5f27827c7730df5c34189e2dac1f5f23c089f79dd.exe
    "C:\Users\Admin\AppData\Local\Temp\61a8a4a365edf225943d7fb5f27827c7730df5c34189e2dac1f5f23c089f79dd.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Modifies system certificate store
    PID:1872

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\fangdao[1].txt
    Filesize

    2B

    MD5

    444bcb3a3fcf8389296c49467f27e1d6

    SHA1

    7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

    SHA256

    2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

    SHA512

    9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{AF25D622-E55A-4a77-94B4-65F03C89AB50}.tmp\7z.dll
    Filesize

    1.1MB

    MD5

    2ab776c5c3d0907bd0379a9f28faa552

    SHA1

    3830c73548f0ddd9e6b4d8519fd8c1e49797449c

    SHA256

    cd5d367e02d7a8a48f7ce97fe4d9b3b30d554031523e79c9e4aa3dd6eedb0ed8

    SHA512

    67d25ad243f8e05dcab3efc9651cd16f8e094aa11ddc04322457b5ecfebfca64ad762cb0fb26616660fd3051be54071b26f99270c814fe916637cea1e6e55993

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{AF25D622-E55A-4a77-94B4-65F03C89AB50}.tmp\7z.dll
    Filesize

    1.1MB

    MD5

    2ab776c5c3d0907bd0379a9f28faa552

    SHA1

    3830c73548f0ddd9e6b4d8519fd8c1e49797449c

    SHA256

    cd5d367e02d7a8a48f7ce97fe4d9b3b30d554031523e79c9e4aa3dd6eedb0ed8

    SHA512

    67d25ad243f8e05dcab3efc9651cd16f8e094aa11ddc04322457b5ecfebfca64ad762cb0fb26616660fd3051be54071b26f99270c814fe916637cea1e6e55993

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{AF25D622-E55A-4a77-94B4-65F03C89AB50}.tmp\auth.dll
    Filesize

    646KB

    MD5

    ffda1cc904157c18535af8a5278f83b4

    SHA1

    54fd0c98b543db436a42d81c4b3e778a1913b929

    SHA256

    969abfceb54b61a705eb757af3cf47c583f11e16d56d1596a3804ddf328930ce

    SHA512

    6cdffee12abd53e51db606e52cf1b577fdbdfb2e57ef06d5d4e57e837910fd1f6a7c831722aac180ee445a6400aaac1dc624e341868b8f1936cb895b63c5e5f6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{AF25D622-E55A-4a77-94B4-65F03C89AB50}.tmp\auth.dll
    Filesize

    646KB

    MD5

    ffda1cc904157c18535af8a5278f83b4

    SHA1

    54fd0c98b543db436a42d81c4b3e778a1913b929

    SHA256

    969abfceb54b61a705eb757af3cf47c583f11e16d56d1596a3804ddf328930ce

    SHA512

    6cdffee12abd53e51db606e52cf1b577fdbdfb2e57ef06d5d4e57e837910fd1f6a7c831722aac180ee445a6400aaac1dc624e341868b8f1936cb895b63c5e5f6

    Download Submit