Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

14303216a7...73.exe

windows7-x64

7

14303216a7...73.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 09:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14303216a7dedb014985b13c58308e73.exe

  • Size

    21KB

  • MD5

    14303216a7dedb014985b13c58308e73

  • SHA1

    e1553ed898d1e0aa170573b0d3dda1c181b1928c

  • SHA256

    c61d23e3bdfd9f6d05583e25c98a24f3313e93d77b47d09f06aa2166752e3c3a

  • SHA512

    bd16d8242f3d71c7749060fc134563be7b9e27ab08dce100aa0f3073ed4f28f21c0112c9223e5e3ed3c66338771c861feb05c52c7376581c6e1398fd14a2ec54

  • SSDEEP

    384:nshUHuAdwb492W08W8OY2CWNZ597y68iYf1HRjkzgQJd1Axzr6+S9Pfu7n5c:nmUHuzz8W8ByZj7y68vVRjkzgQKxKdeG

Score
7/10
aspackv2

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs regedit.exe 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14303216a7dedb014985b13c58308e73.exe
    "C:\Users\Admin\AppData\Local\Temp\14303216a7dedb014985b13c58308e73.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:3188
    • C:\Program Files\Common Files\System\smss.exe
      "C:\Program Files\Common Files\System\smss.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:3924
      • C:\Windows\SysWOW64\REGEDIT.exe
        REGEDIT /S "C:\Program Files\Common Files\System\start.bat"
        3⤵
        • Runs regedit.exe
        PID:1012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\System\smss.exe
    Filesize

    21KB

    MD5

    14303216a7dedb014985b13c58308e73

    SHA1

    e1553ed898d1e0aa170573b0d3dda1c181b1928c

    SHA256

    c61d23e3bdfd9f6d05583e25c98a24f3313e93d77b47d09f06aa2166752e3c3a

    SHA512

    bd16d8242f3d71c7749060fc134563be7b9e27ab08dce100aa0f3073ed4f28f21c0112c9223e5e3ed3c66338771c861feb05c52c7376581c6e1398fd14a2ec54

    Download Submit

  • C:\Program Files\Common Files\System\start.bat
    Filesize

    291B

    MD5

    239692327ed96d1d23daf92e034275d0

    SHA1

    72368106cfe3dbfa6c7c09068df12b4840a8de23

    SHA256

    b70c591470a52b92ded3a5fef8bc6cc2d0169573bb2aa53956024811c4116c3c

    SHA512

    acd5fdc14f16ee7a3f025c742f1077ac1f3459fade751790a64f7bea995195c82be48334cd27ebae5e00a79d1d6a3dbdf468dfc95eba2149b4dbc317df558067

    Download Submit

  • memory/3188-8-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-12-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-17-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-18-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3924-23-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download