Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

9affff4fc5...24.exe

windows7-x64

7

9affff4fc5...24.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/12/2023, 13:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9affff4fc51b2a2a62ac56229b2ec524.exe

  • Size

    350KB

  • MD5

    9affff4fc51b2a2a62ac56229b2ec524

  • SHA1

    a12b94314518eba705fc5c0bcc25d549782bae1b

  • SHA256

    7e269148adeaef822514a3b2271b459192cb6c3fd87493a8ca206e678548845c

  • SHA512

    877e731e10b03ca297c3655d0d8e1f0fe13f1833e6c2f9e0e1f4cd7120355221d4b38599c59b6fca50cea2d5a261dde35afed89eb4c49f79114e00c7584214d9

  • SSDEEP

    6144:Z5FrtlrIiswtAyxmbeoYRMHpeW+5GZqNhHCUKM:ZHrtqi3trxg4uHJXZqNhHCTM

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9affff4fc51b2a2a62ac56229b2ec524.exe
    "C:\Users\Admin\AppData\Local\Temp\9affff4fc51b2a2a62ac56229b2ec524.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Users\Admin\AppData\Local\Temp\Sysceamnhcsz.exe
      "C:\Users\Admin\AppData\Local\Temp\Sysceamnhcsz.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Sysceamnhcsz.exe
    Filesize

    350KB

    MD5

    d1af01ca77706336f0d4deb0e5ff6eee

    SHA1

    6556ddf8a904b09c8202ee48a0334b0740aa5eb6

    SHA256

    89c9326f6436ac542dc42ed15abd7f3c4a3f74a280fed3b4f1dd87b4c6ebf047

    SHA512

    ed3746938738e1142f538bf22f6e0bfa21dea197b5f982dce9aba4ebf79b7e423cbf8305c5ba7a0494b4f1e8a2e13bc9399910432437285b661dd83ed25a2632

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cpath.ini
    Filesize

    70B

    MD5

    b3ab3ae3b40cbdf6000cba68f27cb684

    SHA1

    847292267dd6d560ab34e34dbea25f3528ebf2fa

    SHA256

    5c2da36d943cc5f6bd61c7e95b9693e9ecd1b4e98f02106f6162587af899af5d

    SHA512

    880a97b3e65a5a16b9a6ec6e3f492b8182d6b510d40a510998a01d57f21cb1a29df90b32e65552bfe143836e2fb70a11441f97d664bc2f7813a544fa7b7f15a5

    Download Submit