Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

70a637fd5f...6c.exe

windows7-x64

7

70a637fd5f...6c.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 13:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70a637fd5f2700e34282a109bee2916c.exe

  • Size

    611KB

  • MD5

    70a637fd5f2700e34282a109bee2916c

  • SHA1

    bc04a92e361af347431a54ee7421b19f00d79736

  • SHA256

    11cd99e3139ac888896ac1da958177dc8e22c1aa22a49f57a21b3136992e7de9

  • SHA512

    b45f87e0a33ff1a8ac711f98e037aa39c0d99bfbcead65d48d99f2a8610983c618bbdef812f61ac8b0606c6cec36095d51dad31deae2e17be0babdc29af0f4c5

  • SSDEEP

    12288:fWvTTAfgp+Nz8o43TEazs5hzPRx1M4auuSJFfvHY:+LTAfBE3TEazs/tXdbuSLvHY

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70a637fd5f2700e34282a109bee2916c.exe
    "C:\Users\Admin\AppData\Local\Temp\70a637fd5f2700e34282a109bee2916c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Users\Admin\AppData\Local\Temp\n9956\s9956.exe
      "C:\Users\Admin\AppData\Local\Temp\n9956\s9956.exe" 23f3dae20b723ae93090662097r/fl5sFugzhVE/4+6inMMtZJ6Mu0VTE9XW3qFmRpmM5/2OiGuiWgAn/RgWayugTqlbfES9G+opp1ZE70wygCqyoQdUMhxPfIMGfqv7Tiejh7CM8KHG+cgrLjPrL2yD9txcnkmbgnOr3KGkZcj+HxP7Meh/V0DQkdGMtSw= /v "C:\Users\Admin\AppData\Local\Temp\70a637fd5f2700e34282a109bee2916c.exe" /a
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1160

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1160-15-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1160-16-0x00000000020E0000-0x0000000002160000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1160-127-0x0000000000570000-0x0000000000580000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1160-128-0x00000000020E0000-0x0000000002160000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1160-129-0x00000000020E0000-0x0000000002160000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1160-130-0x00000000020E0000-0x0000000002160000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1160-131-0x00000000020E0000-0x0000000002160000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1160-132-0x00000000020E0000-0x0000000002160000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1160-133-0x00000000020E0000-0x0000000002160000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1160-134-0x00000000020E0000-0x0000000002160000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1160-136-0x00000000020E0000-0x0000000002160000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1160-135-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1160-137-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1160-139-0x00000000020E0000-0x0000000002160000-memory.dmp

    Filesize

    512KB

    Download

  • memory/1160-138-0x000007FEF5CD0000-0x000007FEF666D000-memory.dmp

    Filesize

    9.6MB

    Download