Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

6ad65da4a8...39.exe

windows7-x64

8

6ad65da4a8...39.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    154s
  • max time network
    176s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ad65da4a8999897c2bbaea1c88c9f39.exe

  • Size

    124KB

  • MD5

    6ad65da4a8999897c2bbaea1c88c9f39

  • SHA1

    a4966349d1fd70dca26314b0304e1673b4e3cdce

  • SHA256

    13bb66188c0414b1877c0932a60dcf02c14a00e9bbdd93f8a84a72aab728e711

  • SHA512

    7902b459f2a84c24211991e3884fc34df1175e74cc288c4c69d785765162bd00f17115bb56c82703c08b85d51f50b7f04d7bf140f8320ec2dacb6a6e53d6e165

  • SSDEEP

    3072:WMV27Wolfw3I3Y5jiQVZQrKCD+RRluJVrLDvwl0:WMVClfw4IkQ0URrujDk

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ad65da4a8999897c2bbaea1c88c9f39.exe
    "C:\Users\Admin\AppData\Local\Temp\6ad65da4a8999897c2bbaea1c88c9f39.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\6AD65D~1.EXE > nul
      2⤵
      • Deletes itself
      PID:2656
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    1⤵
    • Loads dropped DLL
    PID:2624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \??\c:\windows\SysWOW64\fastuv32.dll
    Filesize

    60KB

    MD5

    eecf104acbda06fd577e9de0ae2a7eb9

    SHA1

    a1be7931b3ccc0ce6b7017de870d931d1d3bec1b

    SHA256

    f177e6c67c3208edd9a2191d5db455bb8aaf831c6fa95f21bfa3c350d077762c

    SHA512

    c0434d733fe22f9fc9dd98a975b42bfa9de9bca2d0552199a5cd7c8afaf4c6d07f4107d176a78192c575ce3aa731ee82c2d70efc1de8a7bf7087f8c8bfcd8f00

    Download Submit

  • memory/900-0-0x0000000000400000-0x0000000000423028-memory.dmp

    Filesize

    140KB

    Download

  • memory/900-9-0x0000000000400000-0x0000000000423028-memory.dmp

    Filesize

    140KB

    Download