Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

219b8ecb49...73.exe

windows7-x64

8

219b8ecb49...73.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2023, 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    219b8ecb49ab73378fc40ed08171a05765db0194ffc300e198dcbe698773f573.exe

  • Size

    274KB

  • MD5

    5f78b5cb52e44a34c8403dc025eb9c86

  • SHA1

    06d1ed39ebf8ecab97b1e0d493508423dc6c1819

  • SHA256

    219b8ecb49ab73378fc40ed08171a05765db0194ffc300e198dcbe698773f573

  • SHA512

    37fc19419918f6cedb14267a395babbff6ed649741b31c7bbdc50a4598302d2ebf2d7ab591393babeefb63e816f6b798b9d228d77a3ab01ddb086d8e77160578

  • SSDEEP

    6144:abTirrfykiiUjh6QH/cEOkCybEaQRXr9HNdvOa:aPcrfR6ZnOkx2LIa

Score
8/10
upxvmprotect

Malware Config

Signatures

  • Drops file in Drivers directory 9 IoCs
  • Deletes itself 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 6 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in System32 directory 9 IoCs
  • Drops file in Program Files directory 26 IoCs
  • Drops file in Windows directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 59 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:420
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1164
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
      • Drops file in Drivers directory
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1188
      • C:\Users\Admin\AppData\Local\Temp\219b8ecb49ab73378fc40ed08171a05765db0194ffc300e198dcbe698773f573.exe
        "C:\Users\Admin\AppData\Local\Temp\219b8ecb49ab73378fc40ed08171a05765db0194ffc300e198dcbe698773f573.exe"
        2⤵
        • Drops file in Windows directory
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2552
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c timeout /t 1 & del /Q /F "C:\Users\Admin\AppData\Local\Temp\219b8ecb49ab73378fc40ed08171a05765db0194ffc300e198dcbe698773f573.exe"
          3⤵
          • Deletes itself
          • Suspicious use of WriteProcessMemory
          PID:1688
          • C:\Windows\SysWOW64\timeout.exe
            timeout /t 1
            4⤵
            • Delays execution with timeout.exe
            PID:2192

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_DD02D25E799024F48A93E8EE3BDDA41A
      Filesize

      2KB

      MD5

      2818084a9e9c1a6ea4afcabc2addedaa

      SHA1

      13c59025d416f769fffeb9e239b2e16c8b5f7868

      SHA256

      6f4fa276959221d8e18c0531d8d6e374bc3630f0d2a9cb3bc53d9332b31fe4f0

      SHA512

      2c0222371add59a2f3dc64fc5fc8e4a72076c279c2f8697fe84afc948b2d9f8033b5e47a67f2167fc65b6749c2c558b672fad16b683f5d4769678a434821577b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      Filesize

      1KB

      MD5

      91a2dd953cb6f8edfa3c5a3b7c680f68

      SHA1

      45fabdf01269f6ff34cee0a3304d97e8dbb74486

      SHA256

      9806b25d68e91516099c89be4870be1aadc6be2de5611dc24e426026ebf5ffbd

      SHA512

      f1555dc73fe7e5a137385fbb158c587651345f2cb8c28ff11590fe65accdb8cf753b775e804f3f33d30e4c3cd94331356715f63b7856ad567ac98bec639f0bda

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DED9969D7ED2C6E555C5C9254A43EDE4
      Filesize

      599B

      MD5

      a87c1c0bd5b4f68755a9cc6b52c6c2be

      SHA1

      23d9859148cd758aa9eac8e5e5b3fa7b16968b28

      SHA256

      44b9e82998f53b67924b619840930d3c0e22877283dd612da9b55a36ea034666

      SHA512

      93c5fb66c5a95440be30a29ec04a09e3a174af66e584bd8fbcb2aabe74d643fba82f5ec6915b5d1fa3ba4d3eae7c60f8d5dc46438e420b4a46924c203e601cac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_DD02D25E799024F48A93E8EE3BDDA41A
      Filesize

      484B

      MD5

      3a5838208f8452d0874273d03db7feaf

      SHA1

      b9432df018167239d51be96b2bb92097f6916c9e

      SHA256

      b72b97fa1ce1c7d26757f0ed3a2cee806f05710940fb4c10e9592345d1096b1a

      SHA512

      b9615870e054e1dabfb3308a10154e29b7a6520f8ec59663f0ca006938cb6936cce9f3e31effe9f217413837759bc0e70aaeb4d4cd58a6acfe3b17b9aeb9f4bd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      37de3f8202353fb4d7a5462b03ffc3a3

      SHA1

      62238ec2b0018935a4d949d8a164827bf259c127

      SHA256

      1c0148f073a0d76a439c5ea926fc8d67be84df40dd967fde92800142d1dc10f9

      SHA512

      eff9626e25c9454fffba1d4f5d3d7af5139f480841d3bb5137c4340863d1edb644a71cf1c28fb18616e61a1539ba01090a9cd374c99f4a3e354f4070767f2e60

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      Filesize

      482B

      MD5

      83157ae45efc6228c31b8916f3ff855d

      SHA1

      d0b0a02471e94fad4df7ea48859e2e8ef3b6430c

      SHA256

      515ebb6ee84fe8900cf8130e1c73fc16ae189510ed740aac83833a1bcfa15788

      SHA512

      cc6f613f16024463a5b2c913ec0c6b1a58bbf328f3162be2afb89d64726dd00ee854b74a824452d43373211aa54c220b30e27f48ac6bcac6c70d2617728b6556

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DED9969D7ED2C6E555C5C9254A43EDE4
      Filesize

      504B

      MD5

      c4996d3cec181b4ea4924bb27e97f9c9

      SHA1

      4cced27444b920cbf485b076e05a054d6c0ed543

      SHA256

      510caa57e41a3bba11c854abe4d2ee0455b7da878d1c43ee98c62db80f62fe22

      SHA512

      693ce96cae2d52594f9ca941fc1550635b497afc21f8aacd009f4dd1bce817cfe3ade09156542b403fe74ecd83d2fc9f781516f51b5aa7d18b339ded09e3f673

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1F26.tmp
      Filesize

      61KB

      MD5

      f3441b8572aae8801c04f3060b550443

      SHA1

      4ef0a35436125d6821831ef36c28ffaf196cda15

      SHA256

      6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

      SHA512

      5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1FC5.tmp
      Filesize

      163KB

      MD5

      9441737383d21192400eca82fda910ec

      SHA1

      725e0d606a4fc9ba44aa8ffde65bed15e65367e4

      SHA256

      bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

      SHA512

      7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

      Download Submit

    • C:\Windows\2jzRf8bs9na7Qf.sys
      Filesize

      415KB

      MD5

      64bc1983743c584a9ad09dacf12792e5

      SHA1

      0f14098f523d21f11129c4df09451413ddff6d61

      SHA256

      057ec356f1577fe86b706e5aeb74e3bdd6fe04d22586fecf69b866f8f72db7f5

      SHA512

      9ab4ddb64bd97dd1a7ee15613a258edf1d2eba880a0896a91487c47a32c9bd1118cde18211053a5b081216d123d5f901b454a525cbba01d8067c31babd8c8c3c

      Download Submit

    • C:\Windows\FHyDye1LAp.sys
      Filesize

      447KB

      MD5

      c677eb2481f5e2879179713738e69ba5

      SHA1

      821ae1f88b6a4ced5bed868f98d531ec45058a0b

      SHA256

      c7d0b1ae03df1edb2fb5495fba97cb2e459aac26e02e6ab95aed6bb29fe2c75d

      SHA512

      991d321ba2be14a347f1b70e946c330278e186581b520a5b5b34bbe18bd72f8b2554d50e31d9ad2593b54f7216d3df84c843f4e377c4439d48c274939aac2c8f

      Download Submit

    • C:\Windows\FZzzPkPuJtg.sys
      Filesize

      447KB

      MD5

      d15f5f23df8036bd5089ce8d151b0e0d

      SHA1

      4066ff4d92ae189d92fcdfb8c11a82cc9db56bb2

      SHA256

      f2c40dde6f40beaa3c283b66791ff27e6f06d66c8dd6eff5262f51e02ee26520

      SHA512

      feaec8a00346b0a74c530859785e1b280da5833bf3113083bf4664ebee85b14ceca648499f36d266d329d602349f9ad0fc21a10e605377b3a2c24b456f3a9bd9

      Download Submit

    • C:\Windows\UdULMr2rvs6Lg.sys
      Filesize

      415KB

      MD5

      beb2e0ae66726d7e2c8e51345748eee6

      SHA1

      21ba73fc1366a157e54c54f501e81cd19b8d8a10

      SHA256

      23db8c2423bcbf7b65e727dacebff408b5b4ac7c575b2ec99754c86e959e6763

      SHA512

      c94811ec460a6013c28b6b22d5dc85eac86f409eb7b21d2bbd265ff3a4e23d8628cdb4a813d9502407324fc9a3e0d02c824a161e175e61a7f5da935e450aff9a

      Download Submit

    • memory/420-606-0x0000000000960000-0x0000000000963000-memory.dmp

      Filesize

      12KB

      Download

    • memory/420-608-0x0000000000A00000-0x0000000000A28000-memory.dmp

      Filesize

      160KB

      Download

    • memory/1164-794-0x0000000001BB0000-0x0000000001C5A000-memory.dmp

      Filesize

      680KB

      Download

    • memory/1164-800-0x0000000001D10000-0x0000000001D13000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1164-803-0x0000000001D10000-0x0000000001D13000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1164-804-0x0000000001D10000-0x0000000001D13000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1164-805-0x0000000001D10000-0x0000000001D13000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1164-807-0x0000000001D30000-0x0000000001D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1164-808-0x0000000001DE0000-0x0000000001E8F000-memory.dmp

      Filesize

      700KB

      Download

    • memory/1164-810-0x0000000001D30000-0x0000000001D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1164-811-0x0000000001DE0000-0x0000000001E8F000-memory.dmp

      Filesize

      700KB

      Download

    • memory/1188-668-0x0000000006960000-0x0000000006A0F000-memory.dmp

      Filesize

      700KB

      Download

    • memory/1188-791-0x0000000002C40000-0x0000000002C41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1188-809-0x0000000003950000-0x0000000003951000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1188-667-0x0000000003940000-0x0000000003941000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1188-666-0x0000000003950000-0x0000000003951000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1188-665-0x0000000003950000-0x0000000003951000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1188-664-0x0000000000A00000-0x0000000000A28000-memory.dmp

      Filesize

      160KB

      Download

    • memory/1188-663-0x0000000003940000-0x0000000003941000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1188-662-0x0000000000A00000-0x0000000000A28000-memory.dmp

      Filesize

      160KB

      Download

    • memory/1188-660-0x0000000037870000-0x0000000037880000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1188-636-0x00000000068A0000-0x0000000006951000-memory.dmp

      Filesize

      708KB

      Download

    • memory/1188-597-0x0000000002A60000-0x0000000002A63000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1188-788-0x0000000002C40000-0x0000000002C41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1188-669-0x0000000006960000-0x0000000006A0F000-memory.dmp

      Filesize

      700KB

      Download

    • memory/1188-792-0x0000000006960000-0x0000000006A0F000-memory.dmp

      Filesize

      700KB

      Download

    • memory/1188-793-0x0000000002C40000-0x0000000002C41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1188-604-0x000007FEBF9D0000-0x000007FEBF9E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1188-603-0x00000000068A0000-0x0000000006951000-memory.dmp

      Filesize

      708KB

      Download

    • memory/1188-602-0x0000000002A60000-0x0000000002A63000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1188-600-0x00000000068A0000-0x0000000006951000-memory.dmp

      Filesize

      708KB

      Download

    • memory/1188-599-0x0000000002A60000-0x0000000002A63000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1188-806-0x0000000006A10000-0x0000000006A14000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2552-635-0x0000000000B30000-0x0000000000BBC000-memory.dmp

      Filesize

      560KB

      Download

    • memory/2552-268-0x0000000000B30000-0x0000000000BBC000-memory.dmp

      Filesize

      560KB

      Download

    • memory/2552-0-0x0000000000B30000-0x0000000000BBC000-memory.dmp

      Filesize

      560KB

      Download

    • memory/2552-63-0x0000000000B30000-0x0000000000BBC000-memory.dmp

      Filesize

      560KB

      Download

    • memory/2552-3-0x0000000000B30000-0x0000000000BBC000-memory.dmp

      Filesize

      560KB

      Download