Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
24/08/2023, 03:39
General
-
Target
56365c7ec39590c392043900a936c6c76a4104c010c31e15588fc01b4c8b9a30.exe
-
Size
2.0MB
-
MD5
f5761384565fc1a806792069b45cd1e4
-
SHA1
ce32658bec751ba9dee7f8999ca4d070d4360662
-
SHA256
56365c7ec39590c392043900a936c6c76a4104c010c31e15588fc01b4c8b9a30
-
SHA512
753c18a32164e66f2a13f6767ea1e570ea785d4c8a9e6fab837ef5e41d3878b65d5fa06885c27ac15f38e6f2cdd1f53332b267eabf6804f470487fa87a44ceb4
-
SSDEEP
24576:SZkyGrwZtVvF4xQbv9XlWmYYLqBzu7shQs2dSGs0ED0ICvK/rXTFHDhrx:zYvDbvdlNYYLq9uFsx0Eycp
Malware Config
Signatures
-
Sets file execution options in registry 2 TTPs 4 IoCs
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Loads dropped DLL 2 IoCs
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\56365c7ec39590c392043900a936c6c76a4104c010c31e15588fc01b4c8b9a30.exe"C:\Users\Admin\AppData\Local\Temp\56365c7ec39590c392043900a936c6c76a4104c010c31e15588fc01b4c8b9a30.exe"1⤵
- Sets file execution options in registry
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regini.exeregini www.ini2⤵
- Sets file execution options in registry
-
-
C:\Windows\SysWOW64\regini.exeregini www.ini2⤵
- Sets file execution options in registry
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
101B
MD5df98f458d660ecdf388d0d7098b92879
SHA14bf6e30eb206475678d13860b72fd89792e177cd
SHA256ce80722c95f952938a53b800a0633bf85625c06ad7d6cc9c9c3a8d5ee1f4d979
SHA5120ce2c057b5ae123d8d98f6032b80ea273573223976a60fb86a29ffeff4234598d828da6d28476f12e9938887d2c11fbb1fd3b18290efdc102b210c9146803778
-
Filesize
101B
MD5df98f458d660ecdf388d0d7098b92879
SHA14bf6e30eb206475678d13860b72fd89792e177cd
SHA256ce80722c95f952938a53b800a0633bf85625c06ad7d6cc9c9c3a8d5ee1f4d979
SHA5120ce2c057b5ae123d8d98f6032b80ea273573223976a60fb86a29ffeff4234598d828da6d28476f12e9938887d2c11fbb1fd3b18290efdc102b210c9146803778
-
Filesize
97KB
MD5c35425ad1f0c32225d307310deccc335
SHA1b2e347b244e40ffa113dffaffd1895777e3ac30a
SHA25648773d597155dc39dd172c26867972da89dd61fcee0d138433eda26a2d8633b7
SHA51247b6a7447fcc4f9f21018f608fcbdb5650f16cbd869cae5d4ed5d9b88ca1e944de1cac10e9a252aa7b210f1a31456c0ed91728b8a7e24def99d7e3f9683e2bae
-
Filesize
892KB
MD592849a63d136bcbdc7e2def718f25237
SHA132abf6345009816ea6234e3581d3d2a922ca467d
SHA25646f7490e9c9b08aaf416e72419e0e4f603415afb58572738df19fb951ae704c4
SHA512f85e984492a24225cc3202a0160f5ed2b2a2a8bcbf87a62049f60ed286986ed741971bb45ced9226002051917b8ee85fe17a9861fbb8d3285abae3be686ae5d8
-
Filesize
240KB
-
Filesize
240KB
-
Filesize
240KB
-
Filesize
240KB
-
Filesize
240KB
-
Filesize
240KB