Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

18cd51677f...28.exe

windows7-x64

7

18cd51677f...28.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    128s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18cd51677fb6944317f3209b11b94d28.exe

  • Size

    72KB

  • MD5

    18cd51677fb6944317f3209b11b94d28

  • SHA1

    7e8f9c59752365ac88b6c1added3765047f5863c

  • SHA256

    52cfe43debf34b64f8f12f33bbc9e808dab4871c504172ba1368b8a79d73fc90

  • SHA512

    18d07db2a90974021253a8ad11da2b74f5455585cf61717ba2a164cecb8fcfee1392af7f809318a3132917033d36ec29fae3e040c83687211a6d842340f4bc12

  • SSDEEP

    1536:XmRSqKWQaI7xgHaFDujsxP3udhscFhwK8e0cg6YGF/YhhATllDU:X/Z2HcujsxPSscFhayYyYcTllDU

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18cd51677fb6944317f3209b11b94d28.exe
    "C:\Users\Admin\AppData\Local\Temp\18cd51677fb6944317f3209b11b94d28.exe"
    1⤵
    • Drops file in System32 directory
    PID:2204
  • C:\Windows\SysWOW64\mszrakbx.exe
    C:\Windows\SysWOW64\mszrakbx.exe /service
    1⤵
    • Executes dropped EXE
    PID:2672
  • C:\Windows\SysWOW64\mszrakbx.exe
    C:\Windows\SysWOW64\mszrakbx.exe /service
    1⤵
    • Executes dropped EXE
    PID:600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\mszrakbx.exe
    Filesize

    72KB

    MD5

    18cd51677fb6944317f3209b11b94d28

    SHA1

    7e8f9c59752365ac88b6c1added3765047f5863c

    SHA256

    52cfe43debf34b64f8f12f33bbc9e808dab4871c504172ba1368b8a79d73fc90

    SHA512

    18d07db2a90974021253a8ad11da2b74f5455585cf61717ba2a164cecb8fcfee1392af7f809318a3132917033d36ec29fae3e040c83687211a6d842340f4bc12

    Download Submit

  • C:\Windows\TEMP\WinRpt00.tmp
    Filesize

    504B

    MD5

    0976908d31d7d83a0be1df38e0f8f3b2

    SHA1

    4accf4502e6f0e16a05d3ebb514cd67708a97f5d

    SHA256

    a34f3fa42360147a037f7cf616ac5f0ec129d7e99615a747ce2f0c6767702023

    SHA512

    039be76093671c684819f335bd3096cc2313f14310f0b4d3d9bbe2001986943a1b624841c2777983eedfdbe481ca468488c62f72c07b7f446348afdcc257b7d2

    Download Submit

  • memory/600-10-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/600-13-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2204-0-0x0000000000240000-0x000000000025B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2204-1-0x0000000000260000-0x000000000026D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2204-2-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2204-6-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2672-5-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2672-8-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download