Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

102e63dc34...85.exe

windows7-x64

7

102e63dc34...85.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 07:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    102e63dc3480222e7ed70b927311d085.exe

  • Size

    284KB

  • MD5

    102e63dc3480222e7ed70b927311d085

  • SHA1

    84df911dae0f57a3cd07a909c8ce4dfaaef1967a

  • SHA256

    15f88c60203d64573fbc5f92c15c3f82858195b5646ad7dd0800008ca7377719

  • SHA512

    2889b00e654e571bf341bc408d7e183fed741d86e2e1ebecd96c53f65013abc50afcd9d71162cdfd956120919cf83f1f4bf1d675e1ec0c372bf64ed2a82eeec3

  • SSDEEP

    6144:toRoGcgrz/7ThnOo26kztF/GwFBld5Z8aDyxXgsvf:tlGcqz/7ThOo2681NvdrDO

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\102e63dc3480222e7ed70b927311d085.exe
    "C:\Users\Admin\AppData\Local\Temp\102e63dc3480222e7ed70b927311d085.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" c:\1b9e8de5-4a44-4f59-b732-7caf50140d1c\start.hta
      2⤵
      • Modifies Internet Explorer settings
      PID:1536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \1b9e8de5-4a44-4f59-b732-7caf50140d1c\InstallerHelper.dll
    Filesize

    132KB

    MD5

    83c69994da6f42e046a437e0fa7c7ddf

    SHA1

    80623cb6cfaf33c5d5041db0b9f10d4518da4971

    SHA256

    fd69b98d502cd75939020d7768399ff9db9a173a0b15e2e239a60793b1361140

    SHA512

    235cbd534d4953ec82209b0d3ce00dd491d390e9c9e67a2165c6a1e2fc6d5faf091307b60ef5c16a7d28cc70865f3ce63b8148b32d66c140973b569f37cadb92

    Download Submit

  • \??\c:\1b9e8de5-4a44-4f59-b732-7caf50140d1c\loader.gif
    Filesize

    1KB

    MD5

    e88ebd85dd56110ac6ea93fe0922988e

    SHA1

    684a31d864d33ff736234c41ac4e8d2c7f90d5ae

    SHA256

    379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

    SHA512

    211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

    Download Submit

  • \??\c:\1b9e8de5-4a44-4f59-b732-7caf50140d1c\start.hta
    Filesize

    1KB

    MD5

    db4ada697fa7a0e215281533d52578e9

    SHA1

    fb755ea8371edf5065dc53e21eb413603f9eba7f

    SHA256

    f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

    SHA512

    9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

    Download Submit