Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2aa094ac98...b1.exe

windows7-x64

7

2aa094ac98...b1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 15:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2aa094ac987e910da9b1d27bcbd9bbb1.exe

  • Size

    1.7MB

  • MD5

    2aa094ac987e910da9b1d27bcbd9bbb1

  • SHA1

    0f82609951659a92598b8a67fd966f40abb0670d

  • SHA256

    1387a359148d371abc9a001dc292911f8520d48236bc8758d01461cb607562d7

  • SHA512

    24180da41d170021a1ea8d56db8617f76d65898accc16d7ead54b69f16fea76568a6f8c97cadab047313967b96f51d514d2b09315addc0f93f3838b984e8550d

  • SSDEEP

    49152:WJc0pmVTgHdUx7MO5Gt+StYO9PV8sIbXqs7B2csU2:a84dsoYGt+n68Jb/92b

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2aa094ac987e910da9b1d27bcbd9bbb1.exe
    "C:\Users\Admin\AppData\Local\Temp\2aa094ac987e910da9b1d27bcbd9bbb1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nst7503.tmp\BDMSkin.dll
    Filesize

    1.3MB

    MD5

    b540a866191f7fd20f5e6355bc2b094e

    SHA1

    df01a0c011e88a1f860db41d474d3fe893f06082

    SHA256

    ce3044e92a827fce76a75dbd817545506dcab76a5f4edac3c9cf37236a1eecb6

    SHA512

    e65aa73a9e8118176f294edeb7a9dc3a71319b218a45de6073622b868bee2fab9d7b6f76577f846cc940b4b949ee0110fbb449df3d77c922464cf6ded1408331

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst7503.tmp\tmplyvfhn.dll
    Filesize

    652KB

    MD5

    49fb988541b434a2962af3e21c3cdabc

    SHA1

    4d19bb3dbc372ba9ea1130335fee829d9c575e7a

    SHA256

    37ea00cb1e28ed1efbaf24dc99255b8ed82a8a12e1b1b08092baec0ccc5ab541

    SHA512

    2e12538ec1add404d6ee7f43c8eff04cdc53221f775fa7a1d78c93ce79697acc42b903793728142d9dc193da8e6cb10d986df824e3943089a88321ebdcd01232

    Download Submit

  • memory/2112-12-0x0000000002C40000-0x0000000002D83000-memory.dmp

    Filesize

    1.3MB

    Download