Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

10e1016e14...d7.exe

windows7-x64

7

10e1016e14...d7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 08:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10e1016e1493f4fe4d1beaa94b2873d7.exe

  • Size

    43KB

  • MD5

    10e1016e1493f4fe4d1beaa94b2873d7

  • SHA1

    28a77d75c6379ad6e33dbc776d0a90ac46d24844

  • SHA256

    cf3a974b073a510285cc49223ceb0b23d24b5b29b6562e32ea4540f3c82bf0a7

  • SHA512

    66037835663c14d93420bc630b21d5b93a84699fe42cc8cfbc21907610c1305444b3a6c29990b14a006f509ba243fa061219d8a22eae0a8e338355b290de9c28

  • SSDEEP

    768:BcL22h+SkmVeJ4zfwcl+oou2C0EStY3CxyLMQH+5JBe033yf:GTLkmXzj3o3CqtY384H+5JBe03if

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10e1016e1493f4fe4d1beaa94b2873d7.exe
    "C:\Users\Admin\AppData\Local\Temp\10e1016e1493f4fe4d1beaa94b2873d7.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Windows\SysWOW64\EXPL0RER.EXE
      "C:\Windows\system32\EXPL0RER.EXE" "C:\Users\Admin\AppData\Local\Temp\10e1016e1493f4fe4d1beaa94b2873d7.exe"
      2⤵
      • Executes dropped EXE
      PID:2744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\EXPL0RER.EXE
    Filesize

    43KB

    MD5

    10e1016e1493f4fe4d1beaa94b2873d7

    SHA1

    28a77d75c6379ad6e33dbc776d0a90ac46d24844

    SHA256

    cf3a974b073a510285cc49223ceb0b23d24b5b29b6562e32ea4540f3c82bf0a7

    SHA512

    66037835663c14d93420bc630b21d5b93a84699fe42cc8cfbc21907610c1305444b3a6c29990b14a006f509ba243fa061219d8a22eae0a8e338355b290de9c28

    Download Submit

  • C:\tempfile.dat
    Filesize

    3KB

    MD5

    3d66101a0781f9983a50f24098b82b33

    SHA1

    97e86b0953b4aed591717c1c5f1013e29807cefa

    SHA256

    24ea4b268b0ab24de1a846b5fc02f5daf476c18fdbf90040d4245d4ec5b986f1

    SHA512

    d64c391a710b0cbaa1e178a6b142580abc66b3cb2b241e1669ce59cb312e5b08216767546e850c0d677551b82f5816fd4ac1d235c0fb0dc88272a7298ef3a6cf

    Download Submit

  • memory/2624-0-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2624-16-0x0000000002ED0000-0x0000000002EF1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2624-19-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2624-24-0x0000000002ED0000-0x0000000002EF1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2624-9-0x0000000002ED0000-0x0000000002EDB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2624-27-0x0000000002ED0000-0x0000000002EF1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2744-25-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2744-26-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download