Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1bed47ad74...3d.exe

windows7-x64

7

1bed47ad74...3d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2023, 19:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1bed47ad74390ce8a0851540d51dff6f0ab4ece886fa498caa46dba19472e33d.exe

  • Size

    3.9MB

  • MD5

    af58c0932b4f8dc9d5b42d082e54a1c4

  • SHA1

    0e08f0ed47bfba13b331760558d5729563e02bee

  • SHA256

    1bed47ad74390ce8a0851540d51dff6f0ab4ece886fa498caa46dba19472e33d

  • SHA512

    fd27a582e1949138d1f20c666da8efcd5bf80d92dc02409c61c2677564f09aa6acd381103a38b359e73fe1f497787b587a9a23c9f30e5ea58984b087a594fedc

  • SSDEEP

    98304:W8REG2CFkZenqAd2JwB3hVzcpm13KI2qmKuLlly:FREcSZ+td2JLpi6I2qYy

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 27 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 40 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1bed47ad74390ce8a0851540d51dff6f0ab4ece886fa498caa46dba19472e33d.exe
    "C:\Users\Admin\AppData\Local\Temp\1bed47ad74390ce8a0851540d51dff6f0ab4ece886fa498caa46dba19472e33d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Windows\SysWOW64\cmd.exe
      /c wmic diskdrive get serialnumber
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2296
      • C:\Windows\SysWOW64\Wbem\WMIC.exe
        wmic diskdrive get serialnumber
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab626D.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar64E0.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\seerdll\GCE.dll
    Filesize

    67KB

    MD5

    3b8cc8eaaca02cb308c85c7280852ade

    SHA1

    5813f4d3f28c00e744856860e2fdda1818f60680

    SHA256

    cb22ff7b7dc5235a7d749499dcbcbac10047f2fc9568ecdbafefe7b8f7f760c1

    SHA512

    e1a2b1e595f1099f0b141e33905f050104924c5a6f87b6bb4fc77274441926d826bda035bbfae51bd75d22a207415aca35526270c7005b5545ead636a80e82b0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\HPSocket4C.dll
    Filesize

    2.1MB

    MD5

    c091a823c41bb5bc6c5a1ab6c926504c

    SHA1

    7b358a9211f8f5e3ce22f38075caf605fc4d2032

    SHA256

    c58334cb8bd8e7a2c998d0717fff8bacbd873ab949e40a0e5f053dd51b67cca4

    SHA512

    742ea0c78115f602c16a793d6d34ea97f0ff8bd4fc1ab28b90b7b7a3dc6fe6b921615ce97c0b23839e18f632d8e09f4319052de532dd9d31b70a22f12b7cc68d

    Download Submit

  • \seerdll\GCE.dll
    Filesize

    67KB

    MD5

    3b8cc8eaaca02cb308c85c7280852ade

    SHA1

    5813f4d3f28c00e744856860e2fdda1818f60680

    SHA256

    cb22ff7b7dc5235a7d749499dcbcbac10047f2fc9568ecdbafefe7b8f7f760c1

    SHA512

    e1a2b1e595f1099f0b141e33905f050104924c5a6f87b6bb4fc77274441926d826bda035bbfae51bd75d22a207415aca35526270c7005b5545ead636a80e82b0

    Download Submit

  • \seerdll\GCE.dll
    Filesize

    67KB

    MD5

    3b8cc8eaaca02cb308c85c7280852ade

    SHA1

    5813f4d3f28c00e744856860e2fdda1818f60680

    SHA256

    cb22ff7b7dc5235a7d749499dcbcbac10047f2fc9568ecdbafefe7b8f7f760c1

    SHA512

    e1a2b1e595f1099f0b141e33905f050104924c5a6f87b6bb4fc77274441926d826bda035bbfae51bd75d22a207415aca35526270c7005b5545ead636a80e82b0

    Download Submit

  • \seerdll\GCE.dll
    Filesize

    67KB

    MD5

    3b8cc8eaaca02cb308c85c7280852ade

    SHA1

    5813f4d3f28c00e744856860e2fdda1818f60680

    SHA256

    cb22ff7b7dc5235a7d749499dcbcbac10047f2fc9568ecdbafefe7b8f7f760c1

    SHA512

    e1a2b1e595f1099f0b141e33905f050104924c5a6f87b6bb4fc77274441926d826bda035bbfae51bd75d22a207415aca35526270c7005b5545ead636a80e82b0

    Download Submit

  • memory/1900-886-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-924-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-878-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-880-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-882-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-884-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-888-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-54-0x0000000000400000-0x00000000009B8000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1900-894-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-892-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-890-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-896-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-900-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-902-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-898-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-906-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-908-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-904-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-914-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-912-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-910-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-916-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-922-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-920-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-918-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-872-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-926-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-2601-0x0000000002350000-0x0000000002450000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1900-2602-0x0000000002670000-0x00000000027F1000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1900-5552-0x0000000002350000-0x0000000002450000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1900-8742-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-8749-0x0000000000400000-0x00000000009B8000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1900-8750-0x0000000002920000-0x0000000002A21000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1900-8751-0x0000000010000000-0x0000000010059000-memory.dmp

    Filesize

    356KB

    Download

  • memory/1900-876-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-874-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-870-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-8767-0x0000000003B30000-0x0000000003B70000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1900-8771-0x0000000002600000-0x0000000002618000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1900-865-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-866-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-8772-0x0000000073A70000-0x000000007415E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1900-8773-0x0000000000400000-0x00000000009B8000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1900-8775-0x0000000010000000-0x0000000010059000-memory.dmp

    Filesize

    356KB

    Download

  • memory/1900-8776-0x0000000003B30000-0x0000000003B70000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1900-8781-0x0000000073A70000-0x000000007415E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1900-868-0x0000000002800000-0x0000000002911000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1900-55-0x0000000075AC0000-0x0000000075B07000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1900-8848-0x0000000000400000-0x00000000009B8000-memory.dmp

    Filesize

    5.7MB

    Download