Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Order Quotation.exe

windows7-x64

7

Order Quotation.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/08/2023, 05:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Order Quotation.exe

  • Size

    328KB

  • MD5

    8933001b2016741520a7b3634bbee9b5

  • SHA1

    872b493fbfcbfc53399a59fde354200e68988a66

  • SHA256

    f35af82ca51d0a71780cfd0a71b6353e57b11f97d8a56615058dd512df91f1f2

  • SHA512

    7ef44942a4b9d1160c170d7d6db49028a3c33bfcea4b1ae2288711b0bec91f20d2b3172635041d9624ef25c6cf5875a48ec2ad6f5e2fe48179731797b436421b

  • SSDEEP

    6144:mYa6m2DqJ7qQ//AZjTa/bVd6zeWpmivMXYMikvPXCQLkIS3:mYIBqQg9aBMzXpmUM7qQLp6

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 58 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Order Quotation.exe
    "C:\Users\Admin\AppData\Local\Temp\Order Quotation.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Users\Admin\AppData\Local\Temp\Order Quotation.exe
      "C:\Users\Admin\AppData\Local\Temp\Order Quotation.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsa2018.tmp\snbns.dll
    Filesize

    75KB

    MD5

    ed89bb6f338887301b62ecb7b4d5aa58

    SHA1

    7b8950568af0cc234d06f1573dde8fc87331344d

    SHA256

    e6a3e946896a6389c7b771fd6094527b6f14784aad3820b31ca7f7145b95220d

    SHA512

    353d2754e8b25fcbb9c4abcd1f25e69184d8bd0abb3d6dfcbd366b486c27ba2fcdb56acf5f4fd1d2e7db0e4ff36152a8b6507028dff30b062ea39155e6046870

    Download Submit

  • memory/3540-143-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/3540-144-0x00000000009B0000-0x0000000000CFA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3540-145-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/3540-146-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/4876-142-0x00000000031D0000-0x00000000031D2000-memory.dmp

    Filesize

    8KB

    Download