Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2023, 12:14

General

  • Target

    db5a6542fea11f3cad83a6e7219d0cc715d7d9185d77a72de5ec230effb8366a.exe

  • Size

    84KB

  • MD5

    81f240d66929ab2a29ead2549eef44b3

  • SHA1

    c0880684d990c92aa391b23cb37c444aa8ff8084

  • SHA256

    db5a6542fea11f3cad83a6e7219d0cc715d7d9185d77a72de5ec230effb8366a

  • SHA512

    a8869dba57c7405578bfdc9dcbd72c253a8e26619e658ccb43e956741297ff43d1c82a23f7e338474b3827a4564506f6216df54883b2fde77365417f54c090ea

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOSNnaoao7NQ:GhfxHNIreQm+HiBNnaoao7NQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db5a6542fea11f3cad83a6e7219d0cc715d7d9185d77a72de5ec230effb8366a.exe
    "C:\Users\Admin\AppData\Local\Temp\db5a6542fea11f3cad83a6e7219d0cc715d7d9185d77a72de5ec230effb8366a.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3360
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4244

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    83KB

    MD5

    030ed2489bb9919e7d412fcbbac9ce6c

    SHA1

    361ba0c334a33d5cb5b32f4ff636392a83e3fb49

    SHA256

    2c451010c7101fa10b7386500959ba7486ab0a15e25158bbb2aa5e9224633a1a

    SHA512

    edb312c5479255fdcfad8178de314491fe8dd1319c1c08b6440ef212b05e12889050130a8cc50b83808ab7187a1389b87362339d1436bb4286b06aad3211ea73

  • C:\Windows\System\rundll32.exe

    Filesize

    85KB

    MD5

    974fca63b3123e04f3a50c806b6946dd

    SHA1

    228e37bbb9392d5c4e7daa6abf451d1349e1a47d

    SHA256

    093b432b3c0e889608cfcdf085b62645f29840853fd2c2e51309c02ccfc9d482

    SHA512

    cccb66af02f411bb0b592501989ebad11f2f9f13bec5d296f5179bff5103e2649f91d7e22a810933c9659279a0ed125efcc42cfeee887387c2f5a810f5e69a61

  • C:\Windows\system\rundll32.exe

    Filesize

    85KB

    MD5

    974fca63b3123e04f3a50c806b6946dd

    SHA1

    228e37bbb9392d5c4e7daa6abf451d1349e1a47d

    SHA256

    093b432b3c0e889608cfcdf085b62645f29840853fd2c2e51309c02ccfc9d482

    SHA512

    cccb66af02f411bb0b592501989ebad11f2f9f13bec5d296f5179bff5103e2649f91d7e22a810933c9659279a0ed125efcc42cfeee887387c2f5a810f5e69a61

  • memory/3360-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3360-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4244-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB