Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    93s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 23:56

General

  • Target

    44abb3e39573a2e1d1cdc787c41bc7ca.exe

  • Size

    144KB

  • MD5

    44abb3e39573a2e1d1cdc787c41bc7ca

  • SHA1

    4800af743c8f6117360aba3ecd4c393d99ff7ba8

  • SHA256

    73e9814afae15d32be894cd397ee30391527608368f8f2c4aa71734abf4bfba4

  • SHA512

    5be67214070557c0f9f85b3baa36c67d17ee439531e747d726e3f129dee9b39d5d0b217fd21439321a2f98ae27cbf625f497482d22031ecc7e338c1ae00fd0c7

  • SSDEEP

    3072:QuYTsR3nSVl8r9rMj7Vmk1Hpv35Q0NgEGQe2wvW:FSW9rEmkZXQJQk

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44abb3e39573a2e1d1cdc787c41bc7ca.exe
    "C:\Users\Admin\AppData\Local\Temp\44abb3e39573a2e1d1cdc787c41bc7ca.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:4800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\AuditNativeSnapI.dll

    Filesize

    13KB

    MD5

    38a1e0b1b1c438c89593ea23cab07b76

    SHA1

    26a6a2c3eaebd33febd371effdf822b95cc3570c

    SHA256

    3df8599eb71ec82f13c4737d939189cd63a4bd65973e592ea6a73179a0e1a551

    SHA512

    79061a1ffc8ea7f7b6f8a43beb2b4e03cb02112dc145fd761fe14ea563e7f62520c8470e07d08fd77d5c299b69a60580d2c6e7f63d440532237cb8b6690a8428

  • C:\Windows\SysWOW64\AuditNativeSnapI.dll

    Filesize

    1KB

    MD5

    fbf49975c677dc7f1f4c5ba37378d3e3

    SHA1

    6fe1f2d1937126fe7e27b2edb57dc25546fe74d9

    SHA256

    376a7af95b28a996578d539e9761bfb4cec1418ef014ad5018858b4121b235ad

    SHA512

    f8d2bd0ad5d628a1ab4db89e23f1853eb9760822fca80ecbaeea57b808b8b05b100ee3bfe89f545af473a213bb01d60fae7883d17ab69e84c727f5626b1d528c

  • memory/4800-0-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

  • memory/4800-3-0x0000000000750000-0x0000000000791000-memory.dmp

    Filesize

    260KB

  • memory/4800-4-0x0000000000750000-0x0000000000791000-memory.dmp

    Filesize

    260KB

  • memory/4800-5-0x0000000000750000-0x0000000000791000-memory.dmp

    Filesize

    260KB

  • memory/4800-7-0x0000000000400000-0x0000000000424000-memory.dmp

    Filesize

    144KB

  • memory/4800-6-0x0000000000750000-0x0000000000791000-memory.dmp

    Filesize

    260KB