Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

82ab9d3798...8b.exe

windows7-x64

7

82ab9d3798...8b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82ab9d37986ad4b195bcd03eb2bd6e53b731dd65ac4a2a936f70e42db72a3e8b.exe

  • Size

    3.8MB

  • MD5

    265f98db992f18287d3c497ee8e3c1fe

  • SHA1

    df10dbf89e1deb45315c643f2ae055a2b90195a8

  • SHA256

    82ab9d37986ad4b195bcd03eb2bd6e53b731dd65ac4a2a936f70e42db72a3e8b

  • SHA512

    f359c8635c352666762103f816f1f1af022ac681687423eea33600bcffdf5d803418234a8ad2377b991f5a18457e3f99a3e50f1115eac0f5c301e0588dd433d1

  • SSDEEP

    49152:kz+XPwh11sXIAyT9tN93qs5SkP2lS1mdM03aT1Po3Xa+kINX7:k2Ps1sByTJ5SQrWM03o12a+kINr

Score
7/10
discoveryupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 48 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82ab9d37986ad4b195bcd03eb2bd6e53b731dd65ac4a2a936f70e42db72a3e8b.exe
    "C:\Users\Admin\AppData\Local\Temp\82ab9d37986ad4b195bcd03eb2bd6e53b731dd65ac4a2a936f70e42db72a3e8b.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Windows\SysWOW64\rasautou.exe
      "C:\Windows\SysWOW64\rasautou.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2368
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\SysWOW64\icacls.exe"
        3⤵
        • Modifies file permissions
        • Suspicious use of WriteProcessMemory
        PID:2560
        • C:\Windows\SysWOW64\fontview.exe
          "C:\Windows\SysWOW64\fontview.exe"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1320
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 184
            5⤵
            • Program crash
            PID:2300
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\82AB9D~1.EXE > nul
      2⤵
      • Deletes itself
      PID:2520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\WindowSystemNewUpdate448.log
    Filesize

    5KB

    MD5

    7fa734057f8f282e608829de32be11fc

    SHA1

    d557333840834f94ee2173c3244796cfe481c81b

    SHA256

    2c02db87843789ddfcdca0f787ec178530b1ad0b098a342d946a3a6ef11da990

    SHA512

    6d665c647f3bee6f5f130f1eebd4a6a9fe92befa7884d96855f7b2c25b3d2d0d2e67693af189b4da085317ae5d67c102aa5d99b6327c364dd394afeef7d0de41

    Download Submit

  • memory/1320-105-0x0000000000510000-0x0000000000B14000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1320-109-0x0000000000510000-0x0000000000B14000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1320-107-0x0000000000510000-0x0000000000B14000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1320-106-0x0000000000510000-0x0000000000B14000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2368-40-0x0000000003270000-0x000000000375B000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2368-9-0x0000000000220000-0x000000000023B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2368-10-0x0000000000220000-0x000000000023B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2368-11-0x0000000010000000-0x0000000010057000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2368-2-0x00000000000E0000-0x0000000000147000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2368-3-0x00000000000E0000-0x0000000000147000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2368-4-0x00000000000E0000-0x0000000000147000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2368-5-0x00000000000E0000-0x0000000000147000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2368-50-0x00000000009D0000-0x0000000000A08000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2368-61-0x0000000002870000-0x00000000028D7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2368-7-0x0000000000220000-0x000000000023B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2560-101-0x00000000000A0000-0x00000000000C4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2560-96-0x0000000000080000-0x000000000009F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2560-94-0x0000000000080000-0x000000000009F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2560-99-0x00000000000A0000-0x00000000000C4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2560-97-0x00000000000A0000-0x00000000000C4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2560-95-0x0000000000080000-0x000000000009F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2560-92-0x0000000000080000-0x000000000009F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2892-0-0x0000000000D60000-0x0000000000DF7000-memory.dmp

    Filesize

    604KB

    Download

  • memory/2892-36-0x0000000000D60000-0x0000000000DF7000-memory.dmp

    Filesize

    604KB

    Download

  • memory/2892-34-0x0000000000D60000-0x0000000000DF7000-memory.dmp

    Filesize

    604KB

    Download

  • memory/2892-31-0x0000000000D60000-0x0000000000DF7000-memory.dmp

    Filesize

    604KB

    Download