Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 22:36

General

  • Target

    40a4d62c0a6870c1ed6a2a790c416d2b.exe

  • Size

    89KB

  • MD5

    40a4d62c0a6870c1ed6a2a790c416d2b

  • SHA1

    1d657e60926827b170a41648e0dfccba93b4dd5d

  • SHA256

    7bffcfb02a86d4da984c2ba742bc27b4bb62399ed9837b9633cbd116269bc7c5

  • SHA512

    e7522cfc99f636dd731d667e8a3b7edbe3a6418172cb0164dd07919841380eef9e42dea08209e38206771d5c36e26819e7afb4d13ff6afc467583459e051c58b

  • SSDEEP

    1536:zgaLdNo2yb3wyNFeQsJ1EOCCovlzFgEOHgq9s+4sZH9WuBik0XFPTbMpMOc5eg+x:rLPo22jeQGaOloNzaW6ukQbI50eEZgC

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (3 IoCs)
  • Suspicious behavior: LoadsDriver (1 IoC)
  • Suspicious use of WriteProcessMemory (16 IoCs)

Processes

  • C:\Windows\system32\w32tm.exe
    w32tm /config /update
    1⤵
    PID:2768
  • C:\Windows\system32\w32tm.exe
    w32tm /config /syncfromflags:manual /manualpeerlist:time.windows.com,time.nist.gov
    1⤵
    PID:2916
  • C:\Windows\SysWOW64\w32tm.exe
    w32tm /config /update
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1752
  • C:\Windows\SysWOW64\w32tm.exe
    w32tm /config /syncfromflags:manual /manualpeerlist:time.windows.com,time.nist.gov
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
  • C:\Users\Admin\AppData\Local\Temp\40a4d62c0a6870c1ed6a2a790c416d2b.exe
    "C:\Users\Admin\AppData\Local\Temp\40a4d62c0a6870c1ed6a2a790c416d2b.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1960

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\glok+serv.config

  • Filesize

    7KB

  • MD5

    d6d341f15b40bcebf523927ce3e1e3f6

  • SHA1

    eaaee7cda09efdc3a2dd3c2271a7a2c757316728

  • SHA256

    ea1e43cf75745071db95953557013fcc4d84d097f7f183ea78c0d600046366e9

  • SHA512

    04e3125ff58ef75c133b8dccfef06670ba228d82513e19e6934d4f43f03ba00e28e2b27bd66070df2352f9dfafdaee90fc28256cd8dc5af1901cf9fe674ad9bc