Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

1e4280c4bc...6a.exe

windows7-x64

10

1e4280c4bc...6a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e4280c4bc3bcbdff348a058b0ba8f6a.exe

  • Size

    76KB

  • MD5

    1e4280c4bc3bcbdff348a058b0ba8f6a

  • SHA1

    e1d1ed450d3067694d72f792069793ecb4f87182

  • SHA256

    65da90980f04143094809ccff3d1d09e473c758d817be69cfc91955e41579aaa

  • SHA512

    ec68c262e02af08bf4ea8723f57778b8af2a96b2d9e94686b2d8492ec734a273602c74e732deebf251fedeb791b23c973bb8d7fb91ce1b56f0a91ae9af8c5839

  • SSDEEP

    768:FJxSACC85zFZSUkK8YW4oDXnAKkXuToLCkUM76or7lf7GIY:DxSASaz54FKkXuTocM76t5

Score
10/10
evasionspywarestealerupx

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 4 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e4280c4bc3bcbdff348a058b0ba8f6a.exe
    "C:\Users\Admin\AppData\Local\Temp\1e4280c4bc3bcbdff348a058b0ba8f6a.exe"
    1⤵
    • Modifies firewall policy service
    • Checks BIOS information in registry
    • Suspicious use of WriteProcessMemory
    PID:4856
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\1E4280~1.EXE00.bat
      2⤵
        PID:4040

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\1E4280~1.EXE00.bat
      Filesize

      192B

      MD5

      b20b2d00fae8eecc18cc07dcd38a7da2

      SHA1

      ce8ceea1f7ef42c39e966923434146fe4b2d2232

      SHA256

      730111e3fd8de747f60965423bfa236702cb0d12e5c5f7cd8600e21c9efea863

      SHA512

      8c117ed9679432e72e80ab38a4de15736151c72f3239fdc03c0c84345f56902606412b2ac906f39a4a4e63bd1c305b11fe565d39096f773f17a754553d8fefa1

      Download Submit

    • memory/4856-0-0x0000000000400000-0x0000000000413000-memory.dmp

      Filesize

      76KB

      Download

    • memory/4856-2-0x0000000000400000-0x0000000000413000-memory.dmp

      Filesize

      76KB

      Download

    • memory/4856-5-0x0000000000400000-0x0000000000413000-memory.dmp

      Filesize

      76KB

      Download