Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

3dca87dc4a...5a.exe

windows7-x64

7

3dca87dc4a...5a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    157s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 11:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3dca87dc4af4ecbe92e2591bdccbcca5885a8dedb321c24a4b9fdb0130a5415a.exe

  • Size

    536KB

  • MD5

    cee2855d2a8d92f5075a1c9efda3cd5d

  • SHA1

    d80a01ae5e699541b8b188a62cd42f62abbf777a

  • SHA256

    3dca87dc4af4ecbe92e2591bdccbcca5885a8dedb321c24a4b9fdb0130a5415a

  • SHA512

    8d49ddf2dfa13a1c93d00afda7093127dda268bcb991cae984457286653ebeae0cc43014a0f42669ab68c8d78ff960f44952325bf21860e7008ea36cf09e7211

  • SSDEEP

    12288:Bhf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:BdQyDLzJTveuK0/Okx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3316
    • C:\Users\Admin\AppData\Local\Temp\3dca87dc4af4ecbe92e2591bdccbcca5885a8dedb321c24a4b9fdb0130a5415a.exe
      "C:\Users\Admin\AppData\Local\Temp\3dca87dc4af4ecbe92e2591bdccbcca5885a8dedb321c24a4b9fdb0130a5415a.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    1KB

    MD5

    1d41758e080d4ebcf81630b4db50cf8f

    SHA1

    8c249d4eed398fea33cade3a972e3bf4e6c0b16c

    SHA256

    92412a85669b889a1fe94c1c43f86c796e6278f18067f0253ed06a5b91b5a7a1

    SHA512

    ab7066f48c3f7a02e22c803473f59465df19ce031365f8e0e23587eca76512f0ec3add8f4d4eec2642761df81a517afeb3011c48405207f58d479d584d4aad3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E
    Filesize

    939B

    MD5

    c33902ba80698d5b22a508d79414cc2a

    SHA1

    fafe4e242e857d45741c36c1925de8e171ada2b0

    SHA256

    67c27a6ff6da949746a432f2feef1e8f699d89b88ce9d2240673614be2201fba

    SHA512

    1af1a62d9f77a05693e9ed46b54509c567a08bef8817cd0939f603db816964324c168f109b0b8b4b31032132cae6be4e4add7fa3bc46668accd0a7cff52cb114

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    502B

    MD5

    8c989e33fd158db37bc558a036f6d6eb

    SHA1

    645f377f02b24ef618ca1db674f89859688aee75

    SHA256

    b768dc0cc78b7e0cf66db6ad062c53f7edd9ae4445b5f073d6a84eeb08d34358

    SHA512

    838a5dac6f6c5334af931899381112d303a12a0b25089febde679855972958f4e06f20110cde25450546092e34e0a164ea7b9326f09b3267d2176e3ea5101106

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E
    Filesize

    520B

    MD5

    4b37350c9cc37634013e731eae15f006

    SHA1

    5fd8c56d7787fedd55edb72965e8e836a0137ffc

    SHA256

    6512a6c968bf2bfcf8500513aca6d6289b7abe2e0b465d4ff46695a7f83aff6d

    SHA512

    6a7b200ab2e4629795a5ffce7dfb95b6ef3fc64c0315727c8ed7e8f0962e23318f4e87671d5aa69bf3e3bad6c06d12eb58d2b943a99aceae5a8ef229045c303f

    Download Submit

  • memory/3316-7-0x00000000033F0000-0x0000000003469000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3316-4-0x0000000002FB0000-0x0000000002FB3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3316-16-0x00000000033F0000-0x0000000003469000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3316-6-0x0000000002FB0000-0x0000000002FB3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3316-5-0x00000000033F0000-0x0000000003469000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3316-3-0x0000000002FB0000-0x0000000002FB3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4144-14-0x0000000000590000-0x0000000000692000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4144-21-0x0000000000590000-0x0000000000692000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4144-0-0x0000000000590000-0x0000000000692000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4144-27-0x0000000000590000-0x0000000000692000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4144-34-0x0000000000590000-0x0000000000692000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4144-44-0x0000000000590000-0x0000000000692000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4144-63-0x0000000000590000-0x0000000000692000-memory.dmp

    Filesize

    1.0MB

    Download