Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4d6544651c...3f.exe

windows7-x64

7

4d6544651c...3f.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d6544651cb7df710dec01b86da54b3f.exe

  • Size

    617KB

  • MD5

    4d6544651cb7df710dec01b86da54b3f

  • SHA1

    4d2b3f9a2504824bc937be24cda6f59212c2ca5c

  • SHA256

    e296f01aba2c0a00695d44dfd45873ce02b069ca4371018062cfe83f092bdd54

  • SHA512

    60aa0a74bf57c584f09a5307d7948f8de387231e8a460e0b9f0742d2472e7ef5539c00a59d0d7d926cb5b70b988699e7c86c0262899ce5462d7bf02c1c4c637e

  • SSDEEP

    12288:jMUQptdPz4l1GrBYkqRdDF3Z4mxxnDqVTVOC0JGp7x:YUQBPS12qkqRNQmX2VTz0JGp7x

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\program files\common files\microsoft shared\msinfo\Server_Setup.exe
    "C:\program files\common files\microsoft shared\msinfo\Server_Setup.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\UNINSTAL.BAT
      2⤵
        PID:2580
    • C:\Windows\Hacker.com.cn.exe
      C:\Windows\Hacker.com.cn.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1696
      • C:\WINDOWS\SysWOW64\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        2⤵
          PID:2824
      • C:\Users\Admin\AppData\Local\Temp\4d6544651cb7df710dec01b86da54b3f.exe
        "C:\Users\Admin\AppData\Local\Temp\4d6544651cb7df710dec01b86da54b3f.exe"
        1⤵
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2108

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\Common Files\Microsoft Shared\MSInfo\Server_Setup.exe
        Filesize

        276KB

        MD5

        8632a80f382f17c27e73751a9b242b92

        SHA1

        97236014401246e44fea1bb31a6f62221b8f25c3

        SHA256

        bdd0a6a722cfe76b201b8c35e87bd927a11a4e0f197998b228bbee07fd8af46f

        SHA512

        30e8c0fadb2898a2bd30092ac45c90cb85538647cb20a77ef517391528c78e04b53fb57ec8ff1d001030df9936db2fcdffbec7896912c3220e4ead27c4e47da1

        Download Submit

      • memory/1696-69-0x0000000000400000-0x000000000050C000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/1696-52-0x0000000000400000-0x000000000050C000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/1696-53-0x0000000000270000-0x0000000000271000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-14-0x00000000004D0000-0x00000000004D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-21-0x0000000000510000-0x0000000000511000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-40-0x0000000000350000-0x00000000003A4000-memory.dmp

        Filesize

        336KB

        Download

      • memory/2108-39-0x00000000003C0000-0x00000000003C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-28-0x0000000000690000-0x0000000000691000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-0-0x0000000000400000-0x00000000004A5000-memory.dmp

        Filesize

        660KB

        Download

      • memory/2108-35-0x00000000003C0000-0x00000000003C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-32-0x00000000031B0000-0x00000000031B5000-memory.dmp

        Filesize

        20KB

        Download

      • memory/2108-31-0x0000000003240000-0x0000000003241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-30-0x0000000003210000-0x0000000003211000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-27-0x00000000006A0000-0x00000000006A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-26-0x0000000000530000-0x0000000000531000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-25-0x0000000000540000-0x0000000000541000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-24-0x0000000000560000-0x0000000000561000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-23-0x0000000000680000-0x0000000000681000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-22-0x00000000003F0000-0x00000000003F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-1-0x0000000000350000-0x00000000003A4000-memory.dmp

        Filesize

        336KB

        Download

      • memory/2108-2-0x0000000000310000-0x0000000000311000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-6-0x0000000000340000-0x0000000000341000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-7-0x0000000000250000-0x0000000000251000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-37-0x0000000000400000-0x00000000004A5000-memory.dmp

        Filesize

        660KB

        Download

      • memory/2108-45-0x00000000003C0000-0x00000000003C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-20-0x00000000004E0000-0x00000000004E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-19-0x00000000004F0000-0x00000000004F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-18-0x00000000003D0000-0x00000000003D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-17-0x00000000003E0000-0x00000000003E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-16-0x0000000000500000-0x0000000000501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-15-0x00000000004B0000-0x00000000004B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-3-0x00000000002F0000-0x00000000002F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-13-0x00000000031C0000-0x00000000031C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-12-0x00000000003B0000-0x00000000003B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-11-0x00000000031D0000-0x00000000031D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-10-0x0000000000320000-0x0000000000321000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-9-0x0000000000330000-0x0000000000331000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2108-8-0x0000000000240000-0x0000000000241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2792-50-0x0000000000400000-0x000000000050C000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2792-47-0x00000000002B0000-0x00000000003BC000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2792-46-0x0000000000310000-0x0000000000311000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2824-55-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2824-59-0x0000000000400000-0x000000000050C000-memory.dmp

        Filesize

        1.0MB

        Download