Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8be53871f6...80.exe

windows7-x64

7

8be53871f6...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    27/08/2023, 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8be53871f6ee10795c892f5a1274b30608e7b3e8b722bc6d88484f49cfd8f580.exe

  • Size

    3.2MB

  • MD5

    787db21989a9b6a297a53c33bd8827d4

  • SHA1

    14c3a0d5fa7ebf062a729140d2f8c97e647c4ff3

  • SHA256

    8be53871f6ee10795c892f5a1274b30608e7b3e8b722bc6d88484f49cfd8f580

  • SHA512

    36c5105cae3c08ad044d8e8b06742a8f99b6ad24bc3b0f6f62104a771346263e95759d257525745690b203331ff278226c121a737d4348c4c986ab9a6b941d52

  • SSDEEP

    49152:3BFsVkDH/AEeB4IFlBgcO8Ipc8dOjYAZ3oHrj/i6jbY:RS+DH/AEe2IFlBgcIpc8dOsI3QJj8

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8be53871f6ee10795c892f5a1274b30608e7b3e8b722bc6d88484f49cfd8f580.exe
    "C:\Users\Admin\AppData\Local\Temp\8be53871f6ee10795c892f5a1274b30608e7b3e8b722bc6d88484f49cfd8f580.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2640
    • C:\Windows\cmd.exe
      "C:\Windows\cmd.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Windows\csrss.exe
        "C:\Windows\csrss.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:2560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\cmd.exe
    Filesize

    808KB

    MD5

    d5f5f0ebb134ca0c67ab60c659a1ae41

    SHA1

    529dd9fbb43659279d083862c0208c7d883d72cf

    SHA256

    598fafb86d687aafc0db520f2534fff2cc449366e0a4a5858f4fc050f4940740

    SHA512

    439a10d432aaaf40d53ffbdf60817cacae4c3518adc7d4ad8be947f90f19c50acbf6bac5a018d063441fd79af02ddd68c65f8fc496d8a81afdd002df478cb96c

    Download Submit

  • C:\Windows\cmd.exe
    Filesize

    808KB

    MD5

    d5f5f0ebb134ca0c67ab60c659a1ae41

    SHA1

    529dd9fbb43659279d083862c0208c7d883d72cf

    SHA256

    598fafb86d687aafc0db520f2534fff2cc449366e0a4a5858f4fc050f4940740

    SHA512

    439a10d432aaaf40d53ffbdf60817cacae4c3518adc7d4ad8be947f90f19c50acbf6bac5a018d063441fd79af02ddd68c65f8fc496d8a81afdd002df478cb96c

    Download Submit

  • C:\Windows\csrss.exe
    Filesize

    6KB

    MD5

    b58a5bc5705e66b3fdaeba17e346ffe6

    SHA1

    b3ba09b9625096119a28ba979e1cafb7be769786

    SHA256

    55f1c3dc84b498fc3bbf05d80e23cb168716053989f922d4dcf53c9279fc66cb

    SHA512

    1343e67cee9cd1ad746d12d41ae1c9a3e98d19b728491c4e813e8cfa708e5978557e3f206c921955538a6af60246e6ea8b4349d5c62289442cbb61c3d255456f

    Download Submit

  • C:\Windows\csrss.exe
    Filesize

    6KB

    MD5

    b58a5bc5705e66b3fdaeba17e346ffe6

    SHA1

    b3ba09b9625096119a28ba979e1cafb7be769786

    SHA256

    55f1c3dc84b498fc3bbf05d80e23cb168716053989f922d4dcf53c9279fc66cb

    SHA512

    1343e67cee9cd1ad746d12d41ae1c9a3e98d19b728491c4e813e8cfa708e5978557e3f206c921955538a6af60246e6ea8b4349d5c62289442cbb61c3d255456f

    Download Submit

  • memory/2560-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2580-21-0x0000000002100000-0x0000000002108000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2580-22-0x0000000000850000-0x0000000000858000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2580-13-0x0000000000850000-0x0000000000858000-memory.dmp

    Filesize

    32KB

    Download