Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

63d0f60e7a...04.exe

windows7-x64

7

63d0f60e7a...04.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    3s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 09:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63d0f60e7abc14187bee4ede11aafc04.exe

  • Size

    3.3MB

  • MD5

    63d0f60e7abc14187bee4ede11aafc04

  • SHA1

    e972f08f09342631df1067f2ae52cbaf30d8204e

  • SHA256

    3cd4e793181ea3d22df64365b3f6960155a3987a09d92d78415245af904cfdbc

  • SHA512

    2da3e3235b67991cb9487b106d60f607f17b68c2ff693834f08998dd2a2b1ecab8da153f07f2e00eb7325864f249de1b857c044a192ac792a8a35df16cad0bb5

  • SSDEEP

    98304:558Q2UzpWVXJ4zlji+LPdFSv1pUfPGPydx:4Q2UzpBlj75Fy1pw0A

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63d0f60e7abc14187bee4ede11aafc04.exe
    "C:\Users\Admin\AppData\Local\Temp\63d0f60e7abc14187bee4ede11aafc04.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst6885.tmp\tools.dll
    Filesize

    73KB

    MD5

    d4e4f5e662fa9fdf1731f03c93378f6b

    SHA1

    f64ef0d007e3f388095735751377c38271a9cac3

    SHA256

    4ba7b86d84ed36670fb084e93150111298e46fe0100df33c12bdf383c1c69681

    SHA512

    319f1ba8c37265cdbc51754747b08d401fb92c8c978561b6f6da446a8228d9079249a7e43157b68854869e1c0c618491460d7936cee219e36597cd91a98995d4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst6885.tmp\tools.dll
    Filesize

    22KB

    MD5

    af43e660f24020d213b79806fd739f27

    SHA1

    11ae6275ee9d8c42639d7cb214f0adf143affbf6

    SHA256

    408035b7a60cdb47ff1c20e242ba872fd6ee7f38bbe6ee07a7b5a1d7395487a4

    SHA512

    6e0d1b5bd9016c446fca65f8dcd9ba99380c1cf53534c45fe51b8655ee574df650be536cbc8ae285dbd248261c323cfd021d95aa8952c33f50e6fc58d08f48e5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst6885.tmp\tools.dll
    Filesize

    27KB

    MD5

    5c25562c7d52355ee0324ac1c47ae77b

    SHA1

    2c1fc1e26e7f297824f5d9cca0e335bfaa0f2635

    SHA256

    55618b022c4a4e6e2f0256e09ae7d4080d05cbe2fa7f658cfeb4124e6fc6e135

    SHA512

    756016d4e3ab3efea92f8a068a98223bca3b0985add2db19231a354f3ba1b342445a21245c9e428a3db75cf4c8202d001702102c0303124ec6ae14df71f57876

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst6885.tmp\tools.dll
    Filesize

    58KB

    MD5

    0b970d0d183da0fc46363d178237f41d

    SHA1

    c39eff06fd85c04e9350d5723f6c7e1572f49068

    SHA256

    d38b41b362b14d2635b6f1e789550844d3208e004c7b5c078a047676239cdd2d

    SHA512

    b107f0c9aeacdf69b3fd2df99d3cafebf4c654de1c84444d04296e5d6455a11373517cdde5cbb06ccad5ecadd4fb4e623cc527f012419ce6312e081f95675232

    Download Submit

  • memory/2208-26-0x0000000002E00000-0x0000000002E40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-23-0x0000000074380000-0x000000007492B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2208-19-0x0000000002E00000-0x0000000002E40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-25-0x0000000002E00000-0x0000000002E40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-24-0x0000000074380000-0x000000007492B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2208-29-0x0000000005E80000-0x0000000005F80000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2208-30-0x0000000005E80000-0x0000000005F80000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2208-31-0x0000000005E80000-0x0000000005F80000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2208-38-0x0000000002E00000-0x0000000002E40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2208-39-0x0000000074380000-0x000000007492B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2208-40-0x0000000005E80000-0x0000000005F80000-memory.dmp

    Filesize

    1024KB

    Download