Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

3dca87dc4a...5a.exe

windows7-x64

7

3dca87dc4a...5a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 11:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3dca87dc4af4ecbe92e2591bdccbcca5885a8dedb321c24a4b9fdb0130a5415a.exe

  • Size

    536KB

  • MD5

    cee2855d2a8d92f5075a1c9efda3cd5d

  • SHA1

    d80a01ae5e699541b8b188a62cd42f62abbf777a

  • SHA256

    3dca87dc4af4ecbe92e2591bdccbcca5885a8dedb321c24a4b9fdb0130a5415a

  • SHA512

    8d49ddf2dfa13a1c93d00afda7093127dda268bcb991cae984457286653ebeae0cc43014a0f42669ab68c8d78ff960f44952325bf21860e7008ea36cf09e7211

  • SSDEEP

    12288:Bhf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:BdQyDLzJTveuK0/Okx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1200
    • C:\Users\Admin\AppData\Local\Temp\3dca87dc4af4ecbe92e2591bdccbcca5885a8dedb321c24a4b9fdb0130a5415a.exe
      "C:\Users\Admin\AppData\Local\Temp\3dca87dc4af4ecbe92e2591bdccbcca5885a8dedb321c24a4b9fdb0130a5415a.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    779295845590ccb0ff29f23b1c086285

    SHA1

    8514bf904e78df185328e4d6d8013f425a5a74c8

    SHA256

    a06d3d11e6515e0a9eb77f36fda1c30aedfc5b00a1634a550aef3e4b85efb656

    SHA512

    c6f7e97274e62f621fc89ed3f4a3c18ebe40d926577b23c16ad55af822031a48f92427a5635cf281943580c219e67bf136ac9b3eec06176fb1640b146eeb4860

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    586afd45aa9817e3a0b480c7cca377d2

    SHA1

    ba2491215326eef6532d9c81f71773ace900c335

    SHA256

    5137f7fe2a73b0cdbe29cee6733d7337f944211befdbc5e134fc5645955f54f4

    SHA512

    95d516a42a53d494505d4b26ed8ee1c90659a916b4a70d95c7afcf4fd77fea4ab4f2dfe95635d4452b4b8ca9be820655c08fb451a370e8db8130562058bb8b9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb74e23d6bfa155170247ddaa9fe44b6

    SHA1

    9ffcb3fc8375949bb722731b834b34da232bc4bf

    SHA256

    dfc7222829c25c9aa5850a2d8fd96e4bcb66b702aa7f962a50eb9c885ed7ff3b

    SHA512

    fbabe5a06423eebd2b7c8ae0dedf761d1ef7e96b23f82e1a47c19253bf6a9a5dde1c905bba57c233ac1fe7b8e206aa6c60011ad50f49c1759b282c3acde27f6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3516.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3548.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Windows\17e668
    Filesize

    778B

    MD5

    6b7ad64b697b6467ecea8b9583b2fb42

    SHA1

    8602233c6d3b236103521645bc93d48a3fcb0efd

    SHA256

    e4348d078c11e00a77c89226e4d907519cbcc8075bafd8c95e786c0972b11954

    SHA512

    f15f0ee133ed26b941b4c30d79395349aa54896b16cc91acf428ef835f310b643b898faaec199632829e10d2b1190b565b0bd2f2b1e4e8c588ab25d6100b1bf8

    Download Submit

  • memory/1200-9-0x0000000002B60000-0x0000000002B63000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1200-10-0x0000000003D70000-0x0000000003DE9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1200-193-0x0000000003D70000-0x0000000003DE9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1200-7-0x0000000003D70000-0x0000000003DE9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1200-6-0x0000000002B60000-0x0000000002B63000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1396-81-0x0000000000DD0000-0x0000000000ED2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1396-311-0x0000000000DD0000-0x0000000000ED2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1396-0-0x0000000000DD0000-0x0000000000ED2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1396-435-0x0000000000DD0000-0x0000000000ED2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1396-739-0x0000000000DD0000-0x0000000000ED2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1396-745-0x0000000000DD0000-0x0000000000ED2000-memory.dmp

    Filesize

    1.0MB

    Download