Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

edf17c9cf7...90.exe

windows7-x64

7

edf17c9cf7...90.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    24/10/2023, 11:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    edf17c9cf70f0213d7ffc5d9fe33ecdeebf3ad374106801b12ec081a146f9990.exe

  • Size

    2.7MB

  • MD5

    a1c2538bfc8c09de60359bfa02e06345

  • SHA1

    6d0fb1dcf1d1749c37eff6521a2b24013b369912

  • SHA256

    edf17c9cf70f0213d7ffc5d9fe33ecdeebf3ad374106801b12ec081a146f9990

  • SHA512

    86e7397d3e817d299beb61332a94ebe55872df66c2d56315243806a917e01c916741fad83c7d10283deb2c80ac4de816aee396f489ebba4eddd8cba1073a6c91

  • SSDEEP

    24576:C+BfpxcseE3rZEw0zzTXrs2YPTEXs13E1RF1Ydx//9Pld:CmfDcmZEwII2YPTa15o

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\edf17c9cf70f0213d7ffc5d9fe33ecdeebf3ad374106801b12ec081a146f9990.exe
    "C:\Users\Admin\AppData\Local\Temp\edf17c9cf70f0213d7ffc5d9fe33ecdeebf3ad374106801b12ec081a146f9990.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Windows\Sevesc.exe
      C:\Windows\\Sevesc.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Sevesc.exe
    Filesize

    145KB

    MD5

    6dcf6c2ee786ab5a1d46a05a5caa2566

    SHA1

    cc07d909162c538e44f600076f2b7e6ee0b48d46

    SHA256

    3d377695125c008ac6e8d8bfe4ed8fa0f7ac2f8da23ba06ab5feb586e86b1056

    SHA512

    56ba40f87e16e6397e971c6fc908d0ec0aaeb16b959b01695648894b3679273b6a86a833935ba79803dc7c83be639c8c4c2810b6049973efe36cf812a626755b

    Download Submit

  • C:\Windows\Sevesc.exe
    Filesize

    145KB

    MD5

    6dcf6c2ee786ab5a1d46a05a5caa2566

    SHA1

    cc07d909162c538e44f600076f2b7e6ee0b48d46

    SHA256

    3d377695125c008ac6e8d8bfe4ed8fa0f7ac2f8da23ba06ab5feb586e86b1056

    SHA512

    56ba40f87e16e6397e971c6fc908d0ec0aaeb16b959b01695648894b3679273b6a86a833935ba79803dc7c83be639c8c4c2810b6049973efe36cf812a626755b

    Download Submit

  • C:\Windows\Sevesc.exe
    Filesize

    145KB

    MD5

    6dcf6c2ee786ab5a1d46a05a5caa2566

    SHA1

    cc07d909162c538e44f600076f2b7e6ee0b48d46

    SHA256

    3d377695125c008ac6e8d8bfe4ed8fa0f7ac2f8da23ba06ab5feb586e86b1056

    SHA512

    56ba40f87e16e6397e971c6fc908d0ec0aaeb16b959b01695648894b3679273b6a86a833935ba79803dc7c83be639c8c4c2810b6049973efe36cf812a626755b

    Download Submit

  • memory/1728-7-0x0000000002320000-0x000000000236E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1728-8-0x0000000010000000-0x000000001005D000-memory.dmp

    Filesize

    372KB

    Download