Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
01/10/2023, 13:20
Static task
static1
Behavioral task
behavioral1
Sample
c3f979c75e980281fdbe56abbaed02a8_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
c3f979c75e980281fdbe56abbaed02a8_JC.exe
Resource
win10v2004-20230915-en
General
-
Target
c3f979c75e980281fdbe56abbaed02a8_JC.exe
-
Size
289KB
-
MD5
c3f979c75e980281fdbe56abbaed02a8
-
SHA1
51116b3471caba25102b19d1cef2606dfe3d8454
-
SHA256
9417897eaa3996f8319d1f91e2819038511018b4e6e730167b3668c763130b8d
-
SHA512
270956f8461f9296a2aeecce79200bba201af9a4021e4731e57ec45da9c0c6cd685c456dd08c399654eede6c17f04320e1dc30e938332bc37241fa28d90281a0
-
SSDEEP
3072:GY9CUT62/UOVNu5YKZmRoWM4pkcrIobbZ5QzN2Vs/2xdqWnaf+y6SiG/sMFvkzXE:GY9C8QyNRQbobbfQ8V+W7MeO8l58
Malware Config
Signatures
-
Upatre
Upatre is a generic malware downloader.
-
Executes dropped EXE 1 IoCs
pid Process 2580 szgfw.exe -
Loads dropped DLL 2 IoCs
pid Process 3040 c3f979c75e980281fdbe56abbaed02a8_JC.exe 3040 c3f979c75e980281fdbe56abbaed02a8_JC.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3040 wrote to memory of 2580 3040 c3f979c75e980281fdbe56abbaed02a8_JC.exe 28 PID 3040 wrote to memory of 2580 3040 c3f979c75e980281fdbe56abbaed02a8_JC.exe 28 PID 3040 wrote to memory of 2580 3040 c3f979c75e980281fdbe56abbaed02a8_JC.exe 28 PID 3040 wrote to memory of 2580 3040 c3f979c75e980281fdbe56abbaed02a8_JC.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\c3f979c75e980281fdbe56abbaed02a8_JC.exe"C:\Users\Admin\AppData\Local\Temp\c3f979c75e980281fdbe56abbaed02a8_JC.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3040 -
C:\Users\Admin\AppData\Local\Temp\szgfw.exe"C:\Users\Admin\AppData\Local\Temp\szgfw.exe"2⤵
- Executes dropped EXE
PID:2580
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
289KB
MD5be55b090a244062240bc9613820022bc
SHA13412859a5b2e198cdedf1a638dd7ff8594249602
SHA2568346eacf134792f72b746630a3fca84de605ee2f64a203c34ba5026b0eff3c18
SHA512518fc1ff65d81045fb05df93bab95a61678a3dc28fc160aa28df8f75af70b8fc5a55eb1159da0b141c2cf9c811c04e56fac8a4a670de8d8ebcbcc805e5f0a37d
-
Filesize
289KB
MD5be55b090a244062240bc9613820022bc
SHA13412859a5b2e198cdedf1a638dd7ff8594249602
SHA2568346eacf134792f72b746630a3fca84de605ee2f64a203c34ba5026b0eff3c18
SHA512518fc1ff65d81045fb05df93bab95a61678a3dc28fc160aa28df8f75af70b8fc5a55eb1159da0b141c2cf9c811c04e56fac8a4a670de8d8ebcbcc805e5f0a37d
-
Filesize
289KB
MD5be55b090a244062240bc9613820022bc
SHA13412859a5b2e198cdedf1a638dd7ff8594249602
SHA2568346eacf134792f72b746630a3fca84de605ee2f64a203c34ba5026b0eff3c18
SHA512518fc1ff65d81045fb05df93bab95a61678a3dc28fc160aa28df8f75af70b8fc5a55eb1159da0b141c2cf9c811c04e56fac8a4a670de8d8ebcbcc805e5f0a37d
-
Filesize
289KB
MD5be55b090a244062240bc9613820022bc
SHA13412859a5b2e198cdedf1a638dd7ff8594249602
SHA2568346eacf134792f72b746630a3fca84de605ee2f64a203c34ba5026b0eff3c18
SHA512518fc1ff65d81045fb05df93bab95a61678a3dc28fc160aa28df8f75af70b8fc5a55eb1159da0b141c2cf9c811c04e56fac8a4a670de8d8ebcbcc805e5f0a37d
-
Filesize
289KB
MD5be55b090a244062240bc9613820022bc
SHA13412859a5b2e198cdedf1a638dd7ff8594249602
SHA2568346eacf134792f72b746630a3fca84de605ee2f64a203c34ba5026b0eff3c18
SHA512518fc1ff65d81045fb05df93bab95a61678a3dc28fc160aa28df8f75af70b8fc5a55eb1159da0b141c2cf9c811c04e56fac8a4a670de8d8ebcbcc805e5f0a37d