Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

60efca330c...98.exe

windows7-x64

7

60efca330c...98.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2023, 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe

  • Size

    14.4MB

  • MD5

    5f7e7f2bef5b08f8b4b51c683a138904

  • SHA1

    73e2be45ffed34532f54fae9b15e73e3e9e25ae8

  • SHA256

    60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298

  • SHA512

    4eac53acff456de44e8205fc4339fc4e306eac752c331f1593cf7d822bd890c9d1ca6b3a93e7f8b7822104d45a97e1034844395072713205aa409a28cbb99f1c

  • SSDEEP

    393216:igvGuiPrrYx9npGNv9is4vUZF/Mf20Dm0hNeoCdckR:f5J9npGSs4vORHjSeoTkR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
    "C:\Users\Admin\AppData\Local\Temp\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:924
    • C:\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
      C:\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
    Filesize

    14.4MB

    MD5

    5f7e7f2bef5b08f8b4b51c683a138904

    SHA1

    73e2be45ffed34532f54fae9b15e73e3e9e25ae8

    SHA256

    60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298

    SHA512

    4eac53acff456de44e8205fc4339fc4e306eac752c331f1593cf7d822bd890c9d1ca6b3a93e7f8b7822104d45a97e1034844395072713205aa409a28cbb99f1c

    Download Submit

  • C:\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
    Filesize

    14.4MB

    MD5

    5f7e7f2bef5b08f8b4b51c683a138904

    SHA1

    73e2be45ffed34532f54fae9b15e73e3e9e25ae8

    SHA256

    60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298

    SHA512

    4eac53acff456de44e8205fc4339fc4e306eac752c331f1593cf7d822bd890c9d1ca6b3a93e7f8b7822104d45a97e1034844395072713205aa409a28cbb99f1c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2f83c732a3ee6913b55d3b012f18ad02.tmp
    Filesize

    68B

    MD5

    4da8aec21f9cd7a501db0783388b5e45

    SHA1

    ea58c1d5adb7da3f9c35d635f16f363d92e96210

    SHA256

    4d1caf46514a76434393d37f4d81624cdcba052780d1c29fbaa5ac0fbbe08478

    SHA512

    9ea35282df94744870253c7091aab1fcc4b6cb188bf970dbdd4fcff0b82d6ddc8a4611c6fc05ae10651a7bf4200e61d2c8a67f81719854b8dd5b50166e6c7271

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dd2aaba274f9d9a222e933280f9af72b.ini
    Filesize

    19KB

    MD5

    e9db130bb429e181cbd2a651cd7d2db5

    SHA1

    6c239d51fdf307c45c229e3fb24b9ee74c57ded9

    SHA256

    39a07336c4a76da08a6d60f49c407ca7721faa6d9f19e71377d2fccdc5c4edbe

    SHA512

    035b05808006d6f2773eb4c407920a9a50970e6529168339fef458590fe480cb10a0cf8c94477d4ab80f8845200389c471d3c539972cefdad2abff6adbc43196

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\del.tmp
    Filesize

    102B

    MD5

    ba74075f8973d3f8ea54135934e23ba5

    SHA1

    392d74362a27f39c91a93c329ba27d8219f6d238

    SHA256

    9d3e1f74e067ccc8f93b733cb26a9ee8aa828d0d5af198d58182a09ad998e8fd

    SHA512

    6e139c1cf277b3c5a424dcf16de8f631b7df9771164d8bbe3b9e321a69aba6ac8c0012ed88ae5d5bf19123c9208c94c5b33561abf9c2174b653260458ec280b6

    Download Submit

  • \60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
    Filesize

    14.4MB

    MD5

    5f7e7f2bef5b08f8b4b51c683a138904

    SHA1

    73e2be45ffed34532f54fae9b15e73e3e9e25ae8

    SHA256

    60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298

    SHA512

    4eac53acff456de44e8205fc4339fc4e306eac752c331f1593cf7d822bd890c9d1ca6b3a93e7f8b7822104d45a97e1034844395072713205aa409a28cbb99f1c

    Download Submit

  • memory/924-55-0x00000000003D0000-0x00000000003D3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/924-54-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/924-65-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/924-68-0x00000000003D0000-0x00000000003D3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2056-241-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-250-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-239-0x0000000000240000-0x0000000000243000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2056-240-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-63-0x0000000000240000-0x0000000000243000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2056-242-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-243-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-244-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-245-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-64-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-251-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-252-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-253-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-254-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-255-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-256-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-260-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2056-261-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download