Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0129e67673...48.exe

windows7-x64

7

0129e67673...48.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    125s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0129e67673c7c3371fea7f271a0ed748.exe

  • Size

    39KB

  • MD5

    0129e67673c7c3371fea7f271a0ed748

  • SHA1

    027c5ac166dc81efad124fba6804b7db1bc847c0

  • SHA256

    36beb1e7347057626b247d97f2b8669c01d0d4437877e61d1e26b470a47476dd

  • SHA512

    21ed09f7308fcf4956c2ab175a37c92d2ea590a7216c9c10f29a005818a338b68f436cf7f6df857811c4f9d8012ed31cdf8b7ba725768acc1f169fd43f154001

  • SSDEEP

    768:SzLoYj/s3MY2C162DG9pFz6uEpYJgiMgIf2aNBIFZCzccx5BXPox:0MYQ3n2WTczxqYJgHf2aNBSZ5cx5Fw

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 5 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0129e67673c7c3371fea7f271a0ed748.exe
    "C:\Users\Admin\AppData\Local\Temp\0129e67673c7c3371fea7f271a0ed748.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Users\Admin\AppData\Local\Temp\0129e67673c7c3371fea7f271a0ed748.exe
      "C:\Users\Admin\AppData\Local\Temp\0129e67673c7c3371fea7f271a0ed748.exe"
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
        "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" DEL:C:\Users\Admin\AppData\Local\Temp\0129e67673c7c3371fea7f271a0ed748.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2768
        • C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
          "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" DEL:C:\Users\Admin\AppData\Local\Temp\0129e67673c7c3371fea7f271a0ed748.exe
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2784
          • C:\Program Files (x86)\Microsoft Office\Office14\BCSSync .exe
            "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync .exe" "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" DEL:C:\Users\Admin\AppData\Local\Temp\0129e67673c7c3371fea7f271a0ed748.exe
            5⤵
              PID:2808

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
      Filesize

      39KB

      MD5

      00647b45e593f31f0c29b36829370f76

      SHA1

      39bf36b2ac2b80aac62f730323a69ecfb1feb370

      SHA256

      fa77fa0a89e6ac856b6dc60fb23ffd63d9a09dc670ca8de5daa5c1882139db6d

      SHA512

      eca4e8c83cc5269d28ec93e6e1f35150ec6a49153a181563c37da685c1d97a74748831eda14aa7ac6b33cca31a3d0e9c1502a51673a5f20b6b5c1a442836358b

      Download Submit

    • memory/2228-0-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2228-2-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2228-4-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2228-6-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2228-8-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2228-10-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2228-12-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2228-13-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2228-14-0x0000000010000000-0x000000001000A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2784-46-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download