Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

152e82bb36...27.exe

windows7-x64

3

152e82bb36...27.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    0s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 22:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    152e82bb36b1c25cd89bbe14b76ece27.exe

  • Size

    2.0MB

  • MD5

    152e82bb36b1c25cd89bbe14b76ece27

  • SHA1

    434fd6402e04a72438d9160db03c2d8492dc7d7b

  • SHA256

    e0ba08f7e45c59be55719a3954ec51b1c1a077291a2850cd80107d2b656c71a8

  • SHA512

    cb737d7c4e657f7df3fdaf67d1b1cf05ddb0692790fc21a23e2163ae0552eaae84cbfd971f6dbef2accb620d4f97785508c8c032bf3c879177c5c1d47f9b4f4f

  • SSDEEP

    49152:0HWTNzzJOoX7OI+Rg+LdT6nyzm+ePW7UqNXoCccEkLGIay1v16+DOf4zfFLu3:0HqzJOoX7OI+Rg+LdTYyzmLPYNXoCJKR

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry key 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\152e82bb36b1c25cd89bbe14b76ece27.exe
    "C:\Users\Admin\AppData\Local\Temp\152e82bb36b1c25cd89bbe14b76ece27.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Roaming\AVATAR196912_94.GIF
      2⤵
        PID:2880
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
          3⤵
            PID:2492
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\syscheck.bat" "
          2⤵
            PID:2608
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V rundll /D "\"C:\Users\Admin\AppData\Roaming\rundll.exe \"" /f
              3⤵
                PID:2500
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c ""C:\Users\Admin\AppData\Local\Temp\syscheck.bat" "
              2⤵
                PID:2628
              • C:\Users\Admin\AppData\Roaming\RUNDLL.EXE
                "C:\Users\Admin\AppData\Roaming\RUNDLL.EXE"
                2⤵
                  PID:2736
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c ""C:\Users\Admin\AppData\Local\Temp\syscheck.bat" "
                  2⤵
                    PID:3048
                • C:\Windows\SysWOW64\reg.exe
                  REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V rundll /D "\"C:\Users\Admin\AppData\Roaming\rundll.exe \"" /f
                  1⤵
                  • Modifies registry key
                  PID:952
                • C:\Windows\SysWOW64\reg.exe
                  REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V rundll /D "\"C:\Users\Admin\AppData\Roaming\rundll.exe \"" /f
                  1⤵
                  • Modifies registry key
                  PID:2776
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V rundll /D "\"C:\Users\Admin\AppData\Roaming\rundll.exe \"" /f
                  1⤵
                    PID:2712

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • memory/2736-42-0x0000000000230000-0x0000000000231000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2736-41-0x00000000002D0000-0x000000000035C000-memory.dmp

                    Filesize

                    560KB

                    Download

                  • memory/2736-454-0x00000000002D0000-0x000000000035C000-memory.dmp

                    Filesize

                    560KB

                    Download

                  • memory/2736-453-0x0000000000400000-0x000000000047F000-memory.dmp

                    Filesize

                    508KB

                    Download

                  • memory/2736-615-0x00000000003E0000-0x00000000003E1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2736-624-0x0000000000400000-0x000000000047F000-memory.dmp

                    Filesize

                    508KB

                    Download

                  • memory/2736-626-0x0000000000230000-0x0000000000231000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/3044-39-0x0000000000400000-0x000000000060C000-memory.dmp

                    Filesize

                    2.0MB

                    Download