Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

131cb4bac0...d7.exe

windows7-x64

7

131cb4bac0...d7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 21:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    131cb4bac07a6c0bb62b99c3436e9ed7.exe

  • Size

    1003KB

  • MD5

    131cb4bac07a6c0bb62b99c3436e9ed7

  • SHA1

    b6c462824f587a84c42552f62e47d9c8c245d738

  • SHA256

    71f2090aa6bf7d3a01ee849d171ea53fdc78e04e128eeee81792929290bce062

  • SHA512

    00664bc86960ba26e3034e3313951f836b0eda855e49c77e3aee868f792335e1df2814caac3a11aae54024d1dfd3d65f73f63b850534f13ce07ecec474040952

  • SSDEEP

    12288:Iv/HDkCCLbxmUwRT+k2+qyhhvIm/2YoSHUabaiVqJqlTwkzp/h3GX:kgVbxmBRL2lIvLkanVd/tu

Score
7/10
adwarestealerupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\131cb4bac07a6c0bb62b99c3436e9ed7.exe
    "C:\Users\Admin\AppData\Local\Temp\131cb4bac07a6c0bb62b99c3436e9ed7.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:376
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\_delme.bat
      2⤵
        PID:3800

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_delme.bat
      Filesize

      184B

      MD5

      e76c3d6924ed4d86887170463d4f3f41

      SHA1

      523929a190aadbde21368a9cd9c3f577190ff72a

      SHA256

      233522b8440c206520cf2cf27eee5fc83c90f42559eea0c4349a15af55191110

      SHA512

      b6f8463aaece12be2d9261938ba2de9d4d2421cc58467cfdde8eb1355f52b2aebed8375a7a828cfd9eb04bcf373d193612322decbf989236354cd52d026a99bd

      Download Submit

    • C:\Windows\SysWOW64\myspace~1.dll
      Filesize

      335KB

      MD5

      dc56093798a32fbdeef4dd083fbefd7c

      SHA1

      fa00cbf59110184c042cff4138886ae3b91fefe9

      SHA256

      03dd8ba935931ea50b147d937609ee6cc585ab1786620a4532e3992bfae5da14

      SHA512

      83933edab4034a9398b6285f95a004b216f04ca1c828d1994d5d54ffc9db7e7b66d7edf016dd8eac6e585bf08e8e46448f575e7fefb31b68db0c9f2f5ad951f1

      Download Submit

    • memory/376-0-0x0000000000400000-0x00000000004FC000-memory.dmp

      Filesize

      1008KB

      Download

    • memory/376-1-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/376-10-0x0000000003F10000-0x0000000003FE0000-memory.dmp

      Filesize

      832KB

      Download

    • memory/376-11-0x0000000003F10000-0x0000000003FE0000-memory.dmp

      Filesize

      832KB

      Download

    • memory/376-14-0x0000000000400000-0x00000000004FC000-memory.dmp

      Filesize

      1008KB

      Download