Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

0c15c2b40f...c1.exe

windows7-x64

7

0c15c2b40f...c1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 18:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c15c2b40fd0a496a1ca36d3fbb203c1.exe

  • Size

    885KB

  • MD5

    0c15c2b40fd0a496a1ca36d3fbb203c1

  • SHA1

    01312c3806c9a9d6aa8be11f196544f4d7afaee3

  • SHA256

    6c78f42692176f97269807e4a685a2c9d5d0a811cfa5ccb65b63e2a6da80d182

  • SHA512

    0764bbb2689e99e28b9983553bd9a8eb6eda97428c161c9fcc7dff49ee130d4eff56769a7c24144ec0fffeedf2f18139f88eb70651fd97f44eb15421401080ad

  • SSDEEP

    12288:rbpHYUKy5U1bo9t8DMRSW9vbciUiLuAvOxMt11i27QitjBHANNVAUNE:r5sJo6YrFUiyAak11LtjJ

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c15c2b40fd0a496a1ca36d3fbb203c1.exe
    "C:\Users\Admin\AppData\Local\Temp\0c15c2b40fd0a496a1ca36d3fbb203c1.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1812
    • \??\c:\Windows\svchest000.exe
      c:\Windows\svchest000.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\svchest000.exe
    Filesize

    165KB

    MD5

    c90a0c3877ae2853780f45a3ff3b8f69

    SHA1

    ac7dafee7d82761c03257b006e3188b6ad80a4dc

    SHA256

    6ae5e09b35e9bacd9c680fd3f1ad5f27d5d819c6ae9f6e16c320cedfc865277e

    SHA512

    3c4b3897870c1743f40c47e8a895d7119d9dd69b1288adf8e1ec2b04aa20db9be0a3d3bfce73c93091f4d7ee8d5743b714a59b4e64a2106a0067a464c52ba842

    Download Submit

  • memory/1812-1-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1812-0-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1812-13-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1812-14-0x00000000027E0000-0x0000000002977000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2104-9-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2104-12-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download