Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

1cebba4ae9...f8.exe

windows7-x64

7

1cebba4ae9...f8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1cebba4ae9fccf657445f2cc261e632ffdad42d3187f89c738f04802c53c88f8.exe

  • Size

    536KB

  • MD5

    65ba33194af74b823397b0c58dd08431

  • SHA1

    84cbd61cf50ebf943f1bdea7798feb03c145b227

  • SHA256

    1cebba4ae9fccf657445f2cc261e632ffdad42d3187f89c738f04802c53c88f8

  • SHA512

    c9806279df04d989d89cd6b1baf90de51043f071b1a1443e3c6a7421be77673c8a08cd70b4b6bd5505991a000c197fb9e1bcf0234f21e8279503f229d09f6497

  • SSDEEP

    12288:4hf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:4dQyDL9xp/BGA1RkmOkx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1cebba4ae9fccf657445f2cc261e632ffdad42d3187f89c738f04802c53c88f8.exe
    "C:\Users\Admin\AppData\Local\Temp\1cebba4ae9fccf657445f2cc261e632ffdad42d3187f89c738f04802c53c88f8.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4208
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    1KB

    MD5

    4ea6521137cdd73a7c45acf526f1d4b4

    SHA1

    4bf6f32d8248e9fac4652fddc0334382b7878f4f

    SHA256

    d93e4c3896e9ca920d5801b8da0744d7fefca10db36dcc3924d6670739e6a6ba

    SHA512

    fd080dae27a35791a9b5ac80ac0ab171479dba762fea76771f2390a6005e8dcbfa5dcc0cbd959449c935eb4ef0b4e1eafde29bbe1196435b73e52fd7b330cc16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E
    Filesize

    938B

    MD5

    c58ff9ddccba70f310043ed3be885d8a

    SHA1

    7bce851c92eacdd087b539e94313b4ed5c2dd92f

    SHA256

    f411dc71a46c03518d5a74d9349712a0d369173d925a9bc2871d34f3bb2a3235

    SHA512

    7b08e836d3a2d1e6ef82429c8634ea86ea6dc8bd041db387c10102ecd120f138872db3cdcbc5429261ce3e17e32402e336a9fd1dc2d0bbf41b6213a13ab3dc3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    502B

    MD5

    7dbbedeb1d90afc527d4a27b0ef805b1

    SHA1

    59acd025a07dd5e6b98871dfdbaf476e50aba500

    SHA256

    40072dc929bdac0738f9b638999f0e215c503e73d71e9a0f0b77517fb36956e5

    SHA512

    a852fcd2503c61e0a9c1a3da80b1a493e29ff3bb3e6a3f4aa491e905211c3326f23a2112988d8ec5d3ce91499d7d1a2eb8fa819f495dbd72e534dc6981096786

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_D440AC65793A7BBE167BE882B99F465E
    Filesize

    520B

    MD5

    f2fd17b180a5acffb77ff377f8395dd2

    SHA1

    8f273407c2b6371cbdccd2fb8a48ea5954d3da55

    SHA256

    ac097612242b50c55f2646058ced22f075796b07580732dc49df5891326fa4de

    SHA512

    e3a10b87b59df8a827fcfb71c416a5eeac595f99be2303a76efbe84d15ab40852171d2962e9fa8a2226183954094e480c689b74de87f7e5f043286fa218e31d2

    Download Submit

  • C:\Windows\480ae0
    Filesize

    4KB

    MD5

    51b51424faf382a228984780a6eca481

    SHA1

    b3153402ed772b9b2cdf8102ed099f701d3b9e20

    SHA256

    0768ecdab7411a9578b59120c6f0ca7c7ed9becc8b0b2dc998cb7cd3f8bf5482

    SHA512

    b24cf9c4ef26737a25cf8d5d0e0e168ff5d2a0ce27a6269580c0d38af82e310aa4e7a9b74b18f21c2656ba234686c42ae9187eafd657a2d4907406d5a4a5bab8

    Download Submit

  • memory/3420-3-0x0000000002AC0000-0x0000000002AC3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3420-15-0x0000000002BE0000-0x0000000002C59000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3420-4-0x0000000002BE0000-0x0000000002C59000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3420-5-0x0000000002AC0000-0x0000000002AC3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3420-6-0x0000000002BE0000-0x0000000002C59000-memory.dmp

    Filesize

    484KB

    Download

  • memory/4208-13-0x00000000000E0000-0x00000000001E2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4208-0-0x00000000000E0000-0x00000000001E2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4208-24-0x00000000000E0000-0x00000000001E2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4208-27-0x00000000000E0000-0x00000000001E2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4208-44-0x00000000000E0000-0x00000000001E2000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4208-68-0x00000000000E0000-0x00000000001E2000-memory.dmp

    Filesize

    1.0MB

    Download