Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

13d52214a7...41.exe

windows7-x64

10

13d52214a7...41.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    8s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 21:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    13d52214a7854b79f127abb331e41441.exe

  • Size

    384KB

  • MD5

    13d52214a7854b79f127abb331e41441

  • SHA1

    f6ce7c1ce860087a737bef3c37e65e098e69d159

  • SHA256

    9a0e928bc097345f21409fcaa0df7dd7fc6423162c50adbc52143d782bad3bae

  • SHA512

    22acdb39d0b63997671e1a0a87d1c5fca2cb930a7a3195bf3fe4fff3287baa4073bd0087640c7a3963b84ae128f4db93dd39d5c07dec3206bdb2dd2a8d5d1c30

  • SSDEEP

    6144:GBwtaRv55G5ke9MRs0On1SIFs7Bqwtj9kJ8c0IITjZ0N7/cYL9duz4hwOUu808O3:4R5GdCs0O1BkBqwtjFc0fTjZOT59ozIp

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Windows security bypass 2 TTPs 10 IoCs
    evasiontrojan
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Windows security modification 2 TTPs 14 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\ProgramData\043A6A5B00014973000BB725B4EB2331\043A6A5B00014973000BB725B4EB2331.exe
    "C:\ProgramData\043A6A5B00014973000BB725B4EB2331\043A6A5B00014973000BB725B4EB2331.exe" "C:\Users\Admin\AppData\Local\Temp\13d52214a7854b79f127abb331e41441.exe"
    1⤵
    • Windows security bypass
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    PID:2308
  • C:\Users\Admin\AppData\Local\Temp\13d52214a7854b79f127abb331e41441.exe
    "C:\Users\Admin\AppData\Local\Temp\13d52214a7854b79f127abb331e41441.exe"
    1⤵
    • Windows security bypass
    • Loads dropped DLL
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\043A6A5B00014973000BB725B4EB2331\043A6A5B00014973000BB725B4EB2331.exe
    Filesize

    92KB

    MD5

    0907f19d5b445f9ca30161257967402c

    SHA1

    58d3bebe0c4a41ddad1a90c9909ac40b86f8dbb6

    SHA256

    8a2fa06d0dc63f500f22db2fbaf408f5381d2bea082f87d272cc8b75b2a679b7

    SHA512

    cf570921b9ec32886533b51451131cf68c0f0ef63b1206889aa4130d838b1006323cbb3fd3c0d1774afa94a65473a9ce2fbc447f1b3f5690173437f66f2f2260

    Download Submit

  • memory/2308-28-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2308-21-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2308-23-0x00000000001D0000-0x00000000001D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2308-22-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2308-19-0x0000000002040000-0x0000000002041000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2308-17-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2308-45-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2308-40-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2308-39-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2808-4-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2808-2-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2808-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2808-29-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2808-1-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2808-27-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2808-36-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2808-5-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2808-6-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2808-7-0x00000000002B0000-0x00000000002B2000-memory.dmp

    Filesize

    8KB

    Download