Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1d5fdb723a...41.exe

windows7-x64

7

1d5fdb723a...41.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 00:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d5fdb723ac312194c77d01633b65e41.exe

  • Size

    116KB

  • MD5

    1d5fdb723ac312194c77d01633b65e41

  • SHA1

    62243a731d6a6676b1d0236a6ae0997b827a305b

  • SHA256

    e4b2fc33abe3dc443b121ff0c08bebf6f0c698b4d47bcb30ca6c793adf4f589f

  • SHA512

    8da78235df204e91595069da8a57cccafec93c1a69d25d04f727ceffbd8c535fb51a19e74789826162ec64d218441989f04e8b5d5da006ceedf6059cf80155a0

  • SSDEEP

    3072:98RTVXDNJqxSA5HDc3I3nNoOsRXurRUQzj+5n/U:SZRcx5VMpOKXur2Qf+5n

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d5fdb723ac312194c77d01633b65e41.exe
    "C:\Users\Admin\AppData\Local\Temp\1d5fdb723ac312194c77d01633b65e41.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Windows\Lxyjia.exe
      C:\Windows\Lxyjia.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Twain001.Mtx
    Filesize

    2B

    MD5

    309fc7d3bc53bb63ac42e359260ac740

    SHA1

    2064f80f811db79a33c4e51c10221454e30c74ae

    SHA256

    ac11339ffa8f270c4f781e0a3922bb1c80d9dee6e4b6911ca34538ed9ae03caa

    SHA512

    77dd27d30f4e13a0bcd6fd27ae7567c136d87393e5ee632bccf05b0a0d2bbcc2fc0fd777a8508e26cc4fc579c8da0ab56b7bf179b1adc70f28f7d0eee89fa5f8

    Download Submit

  • C:\Windows\Lxyjia.exe
    Filesize

    116KB

    MD5

    1d5fdb723ac312194c77d01633b65e41

    SHA1

    62243a731d6a6676b1d0236a6ae0997b827a305b

    SHA256

    e4b2fc33abe3dc443b121ff0c08bebf6f0c698b4d47bcb30ca6c793adf4f589f

    SHA512

    8da78235df204e91595069da8a57cccafec93c1a69d25d04f727ceffbd8c535fb51a19e74789826162ec64d218441989f04e8b5d5da006ceedf6059cf80155a0

    Download Submit

  • C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    Filesize

    344B

    MD5

    a3e0b72b1eaff775f824c1f3f2f8e026

    SHA1

    ade3dd32760fc5cccd6a73a9259021b1d7468846

    SHA256

    6228eb03652d2fd5d71fff46e7666bda3a15a65870bbcc3214b74965e60bd99a

    SHA512

    21a9e64790b50f43bb621e4b04c173aff8effb110e1f8280c830d418b50e5201fcb4e911ea761e48944d8bf98a53fc97f1eb3372a200d4a04600dd39d635f36f

    Download Submit

  • memory/1240-20340-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1240-32340-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1240-4-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1240-5-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1240-2-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1240-1-0x00000000001C0000-0x00000000001E3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2776-25777-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2776-15-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2776-46140-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2776-46141-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2776-46142-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2776-46143-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2776-46145-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2776-46149-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2776-46150-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download