Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

a59e5080bc...JC.exe

windows7-x64

10

a59e5080bc...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 11:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a59e5080bc8db85569321aaa3d91a810_JC.exe

  • Size

    5.9MB

  • MD5

    a59e5080bc8db85569321aaa3d91a810

  • SHA1

    9f5b8f027ec8b4a188236961f8e3b260f6748180

  • SHA256

    ebf00b4085d40901fa76f8ebaa4d0f4a171d5dabb816da27f5621ed11944554d

  • SHA512

    7f179c078cf3b74e208160e79908e6c16e12c530d2b8a3b789f8ca8acba8680df7abefd276965ca5c67fade3bedba6e10bd8bf96bcebf94187183631a950db0a

  • SSDEEP

    98304:njj6l/ydwugGr8DwuwnUwMg6C7Vy3KrytzoqqA5e5UA6rO3XO07WsnYmKPCwD3Y5:jjM/MrwDwu4Mm7V2Kry3ZE6q3XTCsYNw

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a59e5080bc8db85569321aaa3d91a810_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\a59e5080bc8db85569321aaa3d91a810_JC.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:2188

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DC++ Share\RCX870D.tmp
    Filesize

    61KB

    MD5

    cb2b9a8ea0f5ac58e3b1ff5d21a6092a

    SHA1

    ac01980900d7f76c1f02c0fc010dfc2b76e7f6c7

    SHA256

    6331d18b028f8ac60b9b333156855fa627344a3c649b71f7c733841f711ee7e8

    SHA512

    214847ffe1da22ddcb635b583d0dcdf1f77ca66cbd1f6f356feba879cbc7894067b0af776a101349f8d9a405333aeae06a8d33cd1b5249412989494318c77f2a

    Download Submit

  • C:\Windows\SysWOW64\xdccPrograms\7zFM.exe
    Filesize

    6.0MB

    MD5

    1b9777c82f78f6c3d1178fb7cc8b3c58

    SHA1

    f33aeb42ccef9574befcb8c1b5583b65b93a551d

    SHA256

    fd8dec32b127d36414bc6480976c12b97b59bb367477eec9da124263e31358bb

    SHA512

    35a53dd2be01674e7c18e3c2732008d5df6a29c25def30a3dcd391e7faf9c390652847f9eef2b85ecaf0bd214179b7e14cddb24982f08cbfac0b8211edaba383

    Download Submit

  • memory/2188-113-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-114-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-109-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-110-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-111-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-112-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-107-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-108-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-115-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-116-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-117-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-118-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-119-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2188-120-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download