Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

06120b3bd5...54.exe

windows7-x64

7

06120b3bd5...54.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2023, 18:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06120b3bd5690fced06d2db5287001cf6044b97380d08548c60085206f131054.exe

  • Size

    508KB

  • MD5

    5541f014b5c1dc06d22551e57d20138d

  • SHA1

    b6f8ebf036b5db686bb09cbd827cdcfb12347242

  • SHA256

    06120b3bd5690fced06d2db5287001cf6044b97380d08548c60085206f131054

  • SHA512

    20b24fe4fc2a0fa0b9a27d51dcf878944d1615bdb21691626dd60bbf7c0338936440f48cd7bf65eb66f8d0ee2e8145f22574a6a05bda0bd03b7bb4c71b0bb592

  • SSDEEP

    6144:yW0J07EHxsWKKCbrZXDbI33z5P/kjguInr39tAOLPvI1ILz:54CWKKCrZTGF/k8uMxtxPvvz

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06120b3bd5690fced06d2db5287001cf6044b97380d08548c60085206f131054.exe
    "C:\Users\Admin\AppData\Local\Temp\06120b3bd5690fced06d2db5287001cf6044b97380d08548c60085206f131054.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\06120b3bd5690fced06d2db5287001cf6044b97380d08548c60085206f131054.exe"
      2⤵
        PID:4240

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\tkjsidfsd
      Filesize

      46B

      MD5

      fa68a2c03a4982e5491bd47f2076e60a

      SHA1

      0dd382648c569c840cdabdf46e8a8639d8109ba0

      SHA256

      cc667e37d3ba26204d5bc34f1438002c5355ea8f33fbe87fba41883320548993

      SHA512

      e131788d6ecf68d5fcc7f4f38a13c0ff85cccd5fe5be08d7a6b7d1b6ab6240cb403f9cab1dd24703933f1d43431ad80e5d8d1192dcaa5bb7605ce104e1feb6ae

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      93B

      MD5

      e6ea105a47f3b6c77fb024223eeb27a2

      SHA1

      5fcac129e19f61e9187ab5d03bc0e12c79223986

      SHA256

      1adcdd484e88ac8925f0c0e0d15aca2339be9abe18c18940377487d2608a3004

      SHA512

      19de7c2ab4e882ec9e127fcf48d8863cb95c4f328d85fd98678710ca73ab215d242dcdee05b5a1544591bf172738c3f979c1f146355091cb6e8181727933f8ad

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      46B

      MD5

      fa68a2c03a4982e5491bd47f2076e60a

      SHA1

      0dd382648c569c840cdabdf46e8a8639d8109ba0

      SHA256

      cc667e37d3ba26204d5bc34f1438002c5355ea8f33fbe87fba41883320548993

      SHA512

      e131788d6ecf68d5fcc7f4f38a13c0ff85cccd5fe5be08d7a6b7d1b6ab6240cb403f9cab1dd24703933f1d43431ad80e5d8d1192dcaa5bb7605ce104e1feb6ae

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      116B

      MD5

      64b8c8e66944b0c0f5ffb31f9f6d1e4d

      SHA1

      4896f1c450624208877243e6a9d9f851050ad4cb

      SHA256

      3759ea4e3cc514fd08a50a784b656aaa4980618b93e940f09328f004ed5e4cd2

      SHA512

      c2fb45155894ccebbe8f1972f9aa29269e93edb1974d62cbf9e24e5af219df8a41a39a15ccbbbe8810c016224bff345cce8b0c4eff77343898c0081e59c59c73

      Download Submit