Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2b789fa109...ex.exe

windows7-x64

7

2b789fa109...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2023, 12:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b789fa1093e0dexeexeexeex.exe

  • Size

    366KB

  • MD5

    2b789fa1093e0d8830c33360ed79e6ae

  • SHA1

    fc38d44fc3a83d5c49ff9057b0b6193c2cc42cd5

  • SHA256

    68c824f12995c52ea4d17236dc53b5982dee748804e799d3fdf80cae4d99f3e1

  • SHA512

    9309a2b587ae36164d9fde3f18641c976d21542ca1fcf73a1e11a70d1f2330860579c1e3ef90ad3576d7aff8d1abea6c02a0145aab5760700d005b2f05eddf62

  • SSDEEP

    6144:1plrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:1plrVbDdQaqdS/ofraFErH8uB2Wm0SXj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b789fa1093e0dexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\2b789fa1093e0dexeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Program Files\purposes\available.exe
      "C:\Program Files\purposes\available.exe" "33201"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\purposes\available.exe
    Filesize

    366KB

    MD5

    3787c2d1e6720df9b50efbb7b1e14993

    SHA1

    cbc1522f5bbe87eec3a03e22b82dcb9dc3e33911

    SHA256

    6e979230fdfe0e018e61c818cda8457fd485ecba99f3bcdb73a8a647de6d5f70

    SHA512

    93fff11e2cce92b031f82e07dc882cca35c87c698e96e7bb176fb2f87cb86685ffb17d06bc202a75144062039af293457f033a897524cf57ceae35ef1e5ede89

    Download Submit

  • C:\Program Files\purposes\available.exe
    Filesize

    366KB

    MD5

    3787c2d1e6720df9b50efbb7b1e14993

    SHA1

    cbc1522f5bbe87eec3a03e22b82dcb9dc3e33911

    SHA256

    6e979230fdfe0e018e61c818cda8457fd485ecba99f3bcdb73a8a647de6d5f70

    SHA512

    93fff11e2cce92b031f82e07dc882cca35c87c698e96e7bb176fb2f87cb86685ffb17d06bc202a75144062039af293457f033a897524cf57ceae35ef1e5ede89

    Download Submit

  • \Program Files\purposes\available.exe
    Filesize

    366KB

    MD5

    3787c2d1e6720df9b50efbb7b1e14993

    SHA1

    cbc1522f5bbe87eec3a03e22b82dcb9dc3e33911

    SHA256

    6e979230fdfe0e018e61c818cda8457fd485ecba99f3bcdb73a8a647de6d5f70

    SHA512

    93fff11e2cce92b031f82e07dc882cca35c87c698e96e7bb176fb2f87cb86685ffb17d06bc202a75144062039af293457f033a897524cf57ceae35ef1e5ede89

    Download Submit

  • \Program Files\purposes\available.exe
    Filesize

    366KB

    MD5

    3787c2d1e6720df9b50efbb7b1e14993

    SHA1

    cbc1522f5bbe87eec3a03e22b82dcb9dc3e33911

    SHA256

    6e979230fdfe0e018e61c818cda8457fd485ecba99f3bcdb73a8a647de6d5f70

    SHA512

    93fff11e2cce92b031f82e07dc882cca35c87c698e96e7bb176fb2f87cb86685ffb17d06bc202a75144062039af293457f033a897524cf57ceae35ef1e5ede89

    Download Submit