Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

5b5624fa29...6a.exe

windows7-x64

8

5b5624fa29...6a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/09/2023, 13:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b5624fa293b3ee37fbeb6a2a57e81e188da93be6ab0011f3d5c8e73db955b6a.exe

  • Size

    3.7MB

  • MD5

    31147a33b9fb50a227aac83ab48be48f

  • SHA1

    0398c2a046c1aafc56748b33e088b09b1420f704

  • SHA256

    5b5624fa293b3ee37fbeb6a2a57e81e188da93be6ab0011f3d5c8e73db955b6a

  • SHA512

    2ade4b479a56da306f9d4c85cb6ddf426b24bed3c55e6611abbe453b8a95279848ee93835c82be51e3b22830aa87f5a33c14c21ce868d95568e70e34561c20e1

  • SSDEEP

    49152:WhQ8lPzRnZp4y5C6mB0j4KTB+r5u8QeKxFOJxdb4vZKV8:SllLRnZp4yE6mdVKdzOJDb4v+8

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Drops file in System32 directory 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b5624fa293b3ee37fbeb6a2a57e81e188da93be6ab0011f3d5c8e73db955b6a.exe
    "C:\Users\Admin\AppData\Local\Temp\5b5624fa293b3ee37fbeb6a2a57e81e188da93be6ab0011f3d5c8e73db955b6a.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1920
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
    • Drops file in System32 directory
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:3412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    5KB

    MD5

    5fbff33dd64907f9b714f37366fc98e1

    SHA1

    cf061361fef32f704afc6c93b77141800babbda7

    SHA256

    b72813dc20ccb17cd735ba6f1e2ca1539e698bae4d24db20c9b5c4a7c3ee82a1

    SHA512

    a6e2e53e843629b679dd903152ff5e3987eaad35bcd46b06e455e958e301a69e3be08164f51d56813bc8955fcaee9a9aa452cb40cdfdbf48836e9470cf326988

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
    Filesize

    5KB

    MD5

    5fbff33dd64907f9b714f37366fc98e1

    SHA1

    cf061361fef32f704afc6c93b77141800babbda7

    SHA256

    b72813dc20ccb17cd735ba6f1e2ca1539e698bae4d24db20c9b5c4a7c3ee82a1

    SHA512

    a6e2e53e843629b679dd903152ff5e3987eaad35bcd46b06e455e958e301a69e3be08164f51d56813bc8955fcaee9a9aa452cb40cdfdbf48836e9470cf326988

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Yandex\ui
    Filesize

    38B

    MD5

    eb1fdc474afa1a51abfc017131e2f578

    SHA1

    7e16f63f4c76dfd3e4bfea060cbcd73a137a75e9

    SHA256

    6c8b8bfae976a8ef3d3d1893fb30d8dde71ff0cbdcf34e12efdad7b38d02fffe

    SHA512

    9053da3c4ca019cb04cd551143c83b996740e00b7118667f98ed2001ba50e4cc1d2a4b14bb74ec49bdfc303b8bbe9df994dbc42558ddfbabd454787e7610a6b5

    Download Submit