Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 13:26

General

  • Target

    21a7de03e23aa1d69a1e07deae33d88f.exe

  • Size

    122KB

  • MD5

    21a7de03e23aa1d69a1e07deae33d88f

  • SHA1

    7fe8e6e7dba3f81749150e6c91201af87912b53e

  • SHA256

    34fa20ddcc09c318d3a0ec37f7c0616dac7851490a4a6057e015a93806248a31

  • SHA512

    aa3fcc7faad39d98367b12243502acb2f56f532639d2f88bb39449caca3ca35a422b025b0e24e4308aeb87428f401ac19f30514001f2f7ce143ef84d05dbc68e

  • SSDEEP

    3072:LYP2XerzhOUxu/XUtauE8zXRzL9SYAa5uqj:Lu2urzh9xu/XkauJzXRXXA0uC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21a7de03e23aa1d69a1e07deae33d88f.exe
    "C:\Users\Admin\AppData\Local\Temp\21a7de03e23aa1d69a1e07deae33d88f.exe"
    PID:2088
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • C:\sintia_update\actualizacion.exe (child of PID 2088)
      "C:\sintia_update\actualizacion.exe"
      PID:2116
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\sintia_update\data.ini

    Filesize

    82B

    MD5

    d8e94d87003b01d04967411f8c989a4a

    SHA1

    265cdcf370bc6c55903687dce37fae0fca289952

    SHA256

    d7517b5492f693f71d529dcd94bfd5d2a371f61f7787d73eb1de470cf3023f2e

    SHA512

    96dec75df8d37fba3682a3a742d3f10d99d60e572f4088607ca52357ea9e966907f99b02591958718404def5ce554887f390034f9600246a9061156b87f4e24a

  • C:\sintia_update\data\actualPlanillas.ini

    Filesize

    5KB

    MD5

    583a63ef90b9f23c2146c9d7d4d64fcc

    SHA1

    e7fdadab4143b51d81c68170dd1a494daac73e31

    SHA256

    72b96f1624f789b467c768c40c4e24087a36e3b2593af45a4a083815ce558d9f

    SHA512

    3b4d9e609944384f17f39c3e4f156c52bf7337ed72db4a182e2fc68a10e3d300acf6bc8933073e642527b718465364ba7d7cb33db358a86d2ff74b11e658afb9

  • \sintia_update\Actualizacion.exe

    Filesize

    96KB

    MD5

    5470f03c4bcaec5a53e70a427ca36e78

    SHA1

    49f83fbc3cbf2d2f74ddae6b3b3768996762f9b2

    SHA256

    f298bcac70ae491e164085ae4f02ef92417565f448ec8386395af61a5ed5f3f1

    SHA512

    8a97c6cc48a9ddad08f84396dde34437f926a44d740cb2b72d74344fe10968c28cb8195f9809d8d0b93b3eae4a49d455ce1184fbe465d8f508953fd1bebbc0f8