Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

easyMalici...57.exe

windows7-x64

10

easyMalici...57.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2023, 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    easyMalicious301a0a4c3657.exe

  • Size

    1.1MB

  • MD5

    6c9ae6a5faca4239a20338baa3b99914

  • SHA1

    fac3a387f9ceea59015838f285267eb8fa7e6172

  • SHA256

    a9349ce64063f9ca04d9efcaec3947002a9b71876cd863c581ce0528db4c3a69

  • SHA512

    396b2e31ef149d12d66c6980eef33467f774731216ac5aa6779e813e11d2bd598cd09c436213a334f0971687e46d988f2b6d8b5f029cb137ddb3552204625c40

  • SSDEEP

    24576:p1b2N67Wx7SsKfSnvgwnc8tbycW7d7u1mxzezX3vErO5eODepB:pwN67q7HJocv1TX3ZEOW

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 43 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\easyMalicious301a0a4c3657.exe
    "C:\Users\Admin\AppData\Local\Temp\easyMalicious301a0a4c3657.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:1488
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
    • Drops file in System32 directory
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:944

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\xdccPrograms\7zFM.exe
    Filesize

    1.1MB

    MD5

    c1b35c20f7c978aa8acafa2f9d1c2e36

    SHA1

    d90201d41d0db0624fd9881f546db6919f806b5e

    SHA256

    570808a286c27d509a3224a4700ff5b72df43312afd73ef8aac1070322be600e

    SHA512

    f4201191cdc0257134741ab92cfa42dd5fd7abacd07af9ff62751a2026c7f7ffab01982ce1c241d5707658167c760638aeed3bc89f1f039158c56302155259a2

    Download Submit

  • memory/1488-149-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-157-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-158-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-159-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-160-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-161-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-162-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-163-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-164-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-165-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-166-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-169-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-170-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1488-172-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download