Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9f527f93bf...92.exe

windows7-x64

7

9f527f93bf...92.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/08/2023, 07:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9f527f93bfef3ee4e25be9e21c1d8587c5ac3980c492e52bcaa866887eb10f92.exe

  • Size

    11.3MB

  • MD5

    254f08aba9a37e2bfac28f04f14b36c7

  • SHA1

    b14f123541428e3a8053358fc7a5f15b5800d915

  • SHA256

    9f527f93bfef3ee4e25be9e21c1d8587c5ac3980c492e52bcaa866887eb10f92

  • SHA512

    8068fe30417cea87b5b1dbacb81878b0a70f198ce4d29f6b75baf6141cbf08a80ba4b3ce259f73672241c8a1aeb970138b1be50c7a412600ebc88791245ebadc

  • SSDEEP

    196608:fDL94UdVEy9qMBNLtlo0oog/QuO3x7Lmj/RBPkDqRSUshQW1suha0YsnfqWXqTKn:/94UdVEy9qMBNLtlo0oZYucxyrGFUavR

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Program Files directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f527f93bfef3ee4e25be9e21c1d8587c5ac3980c492e52bcaa866887eb10f92.exe
    "C:\Users\Admin\AppData\Local\Temp\9f527f93bfef3ee4e25be9e21c1d8587c5ac3980c492e52bcaa866887eb10f92.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    PID:1712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\netul.dll
    Filesize

    1.9MB

    MD5

    b434b1eff14158cb7708d70478b4f89a

    SHA1

    3e1411c5d7a5cffcf3c0b998cc7ea0b187c90ffb

    SHA256

    e62f24419a4e9a511f95183a276b6eb27a685c64f37b9f2449ab993d33e9d708

    SHA512

    303809947f45576cee4690fc90a85840d805bc42da2a0737f9f64d58b4ad5b170c5b3cbc89e3d12b1d7d0d554f87d22bb33644a64ad587d201d7fb47d43b0b75

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\netul.dll
    Filesize

    1.9MB

    MD5

    b434b1eff14158cb7708d70478b4f89a

    SHA1

    3e1411c5d7a5cffcf3c0b998cc7ea0b187c90ffb

    SHA256

    e62f24419a4e9a511f95183a276b6eb27a685c64f37b9f2449ab993d33e9d708

    SHA512

    303809947f45576cee4690fc90a85840d805bc42da2a0737f9f64d58b4ad5b170c5b3cbc89e3d12b1d7d0d554f87d22bb33644a64ad587d201d7fb47d43b0b75

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{332088FC-B771-4266-89C8-3BC1E8BFB344}.tmp\7z.dll
    Filesize

    1.1MB

    MD5

    5c3382df7349dc2b42a2aae9a595779e

    SHA1

    2ab5a4369b6938a89008eccec8fa7595a6eda5e8

    SHA256

    ca1e6b74d9448aa1b2daf7b843a4cc80a6fed13fe9480e0296ac8cadbae80d7e

    SHA512

    5b9824552262e34bd50748529f3b8a053ef0faeda51a85735daa3521eeb28bbc1148de5e1508d7da3a6c8c8d4a31a355876872c46ed22250be1eb202bfcf1907

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{332088FC-B771-4266-89C8-3BC1E8BFB344}.tmp\7z.dll
    Filesize

    1.1MB

    MD5

    5c3382df7349dc2b42a2aae9a595779e

    SHA1

    2ab5a4369b6938a89008eccec8fa7595a6eda5e8

    SHA256

    ca1e6b74d9448aa1b2daf7b843a4cc80a6fed13fe9480e0296ac8cadbae80d7e

    SHA512

    5b9824552262e34bd50748529f3b8a053ef0faeda51a85735daa3521eeb28bbc1148de5e1508d7da3a6c8c8d4a31a355876872c46ed22250be1eb202bfcf1907

    Download Submit