Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

46fc7dbfbf...JC.exe

windows7-x64

7

46fc7dbfbf...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2023, 12:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46fc7dbfbfc689exeexe_JC.exe

  • Size

    75KB

  • MD5

    46fc7dbfbfc6894483495ed6c1c03dfa

  • SHA1

    1eb147f1822cdf52346c8ca12584942712760604

  • SHA256

    9b57bfde616d3b16a555f75e5ccdf01522f5f15a176aaffc2dac72f8d40afe67

  • SHA512

    fb0e35b84d2378e2f079740930bdfe8ed9b07317e348bb1f0f4c5873e4459b19b3610a844840267c626a8e96dc1e8e97c7b57bdd092b8fc6b8b4ee683f7e5334

  • SSDEEP

    1536:vj+jsMQMOtEvwDpj5HwYYTjipvF2hBfVtd:vCjsIOtEvwDpj5H9YvQd21

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46fc7dbfbfc689exeexe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\46fc7dbfbfc689exeexe_JC.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Users\Admin\AppData\Local\Temp\misid.exe
      "C:\Users\Admin\AppData\Local\Temp\misid.exe"
      2⤵
      • Executes dropped EXE
      PID:2036

Network

  • flag-us
    DNS
    bestccc.com
    misid.exe
    Remote address:
    8.8.8.8:53
    Request
    bestccc.com
    IN A
    Response
    bestccc.com
    IN A
    103.14.121.240
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    392 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    354 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    288 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    190 B
     92 B
     4
    2
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
     3
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    392 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
     3
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    354 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    288 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    190 B
     92 B
     4
    2
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    392 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
     3
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    354 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    288 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
     3
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
     3
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    190 B
     132 B
     4
    3
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    392 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    354 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
     3
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    288 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    190 B
     92 B
     4
    2
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    392 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    354 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    288 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    190 B
     92 B
     4
    2
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    392 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    354 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    288 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    190 B
     132 B
     4
    3
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    438 B
     259 B
     6
    6
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    354 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    334 B
     219 B
     6
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    190 B
     92 B
     4
    2
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    392 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    354 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    288 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    190 B
     92 B
     4
    2
  • 103.14.121.240:443
    bestccc.com
    tls
    misid.exe
    392 B
     219 B
     5
    5
  • 103.14.121.240:443
    bestccc.com
    misid.exe
    152 B
     3
  • 8.8.8.8:53
    bestccc.com
    dns
    misid.exe
    57 B
     73 B
     1
    1

    DNS Request

    bestccc.com

    DNS Response

    103.14.121.240

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    75KB

    MD5

    559560e9ecb677e78c77b91edce16fc5

    SHA1

    b205c37c3f825dbd4806a537a0f052d245fd4b27

    SHA256

    80a7e127da22831b4e25e1517f075190ef8ab053e4de5ea3e724fe86829b998d

    SHA512

    9b5d6d60e9f48b4920bf36659f696aa875db37aa4084192b90224f3cb2fe48e81a2fe5caa3f683954077f8c861882d2b799a26e4a37bc90700fcb586a701291c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    75KB

    MD5

    559560e9ecb677e78c77b91edce16fc5

    SHA1

    b205c37c3f825dbd4806a537a0f052d245fd4b27

    SHA256

    80a7e127da22831b4e25e1517f075190ef8ab053e4de5ea3e724fe86829b998d

    SHA512

    9b5d6d60e9f48b4920bf36659f696aa875db37aa4084192b90224f3cb2fe48e81a2fe5caa3f683954077f8c861882d2b799a26e4a37bc90700fcb586a701291c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\misid.exe
    Filesize

    75KB

    MD5

    559560e9ecb677e78c77b91edce16fc5

    SHA1

    b205c37c3f825dbd4806a537a0f052d245fd4b27

    SHA256

    80a7e127da22831b4e25e1517f075190ef8ab053e4de5ea3e724fe86829b998d

    SHA512

    9b5d6d60e9f48b4920bf36659f696aa875db37aa4084192b90224f3cb2fe48e81a2fe5caa3f683954077f8c861882d2b799a26e4a37bc90700fcb586a701291c

    Download Submit

  • memory/2036-70-0x0000000000460000-0x0000000000466000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2036-69-0x00000000002D0000-0x00000000002D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2604-54-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2604-55-0x00000000002B0000-0x00000000002B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2604-56-0x0000000000280000-0x0000000000286000-memory.dmp

    Filesize

    24KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.