Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

ce2963d9e0...bc.exe

windows7-x64

7

ce2963d9e0...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/08/2023, 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ce2963d9e032c8bec72da8ac172cd0059938af3f194471c38728ef9bd214afbc.exe

  • Size

    4.9MB

  • MD5

    e3c1078e71cea009051e317ae1018802

  • SHA1

    8d90f57b26abce7908a996d9478d555250c417e1

  • SHA256

    ce2963d9e032c8bec72da8ac172cd0059938af3f194471c38728ef9bd214afbc

  • SHA512

    69f788985fb2738e149b38f46c8ecd931f521f073e3bca8856bb464c9eddb299c394b03630de256b122187e5d6a6d27d7e406298c9f3b4365f7415911d28198b

  • SSDEEP

    98304:PwmjyTMnYvx4NMaD9Sf8KBcd1WTPY+7rG4+rqFPVRHOG1EN9kg37dT4Gi3y6bDzk:oxb5AOSwGrqF/HDY9kg6Gii6b

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 35 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ce2963d9e032c8bec72da8ac172cd0059938af3f194471c38728ef9bd214afbc.exe
    "C:\Users\Admin\AppData\Local\Temp\ce2963d9e032c8bec72da8ac172cd0059938af3f194471c38728ef9bd214afbc.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2028-0-0x0000000000400000-0x0000000000B4F000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/2028-1-0x00000000767C0000-0x00000000769D5000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/2028-3875-0x0000000076620000-0x00000000767C0000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2028-5884-0x0000000076A80000-0x0000000076AFA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/2028-7839-0x0000000000400000-0x0000000000B4F000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/2028-7841-0x0000000000400000-0x0000000000B4F000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/2028-13071-0x0000000000400000-0x0000000000B4F000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/2028-13072-0x0000000000400000-0x0000000000B4F000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/2028-13080-0x00000000034F0000-0x00000000034FB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2028-13079-0x00000000034F0000-0x00000000034FB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2028-13081-0x0000000003370000-0x0000000003371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2028-13083-0x0000000076420000-0x0000000076483000-memory.dmp

    Filesize

    396KB

    Download

  • memory/2028-13086-0x00000000034F0000-0x00000000034FB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2028-13087-0x0000000076420000-0x0000000076483000-memory.dmp

    Filesize

    396KB

    Download