Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

012755ccc0...3a.exe

windows7-x64

7

012755ccc0...3a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 19:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    012755ccc0c4c25632653658c117cc3a.exe

  • Size

    1.5MB

  • MD5

    012755ccc0c4c25632653658c117cc3a

  • SHA1

    20632a682d1cb5e5a6af8573c46fd2de04bb7747

  • SHA256

    cb784822fcaa9dd262d06813105993fcb5d2e4ff1a5c0e129c60d4ca924e0ee0

  • SHA512

    feb82c70215bdb39a5d32c1a2cc11f149ee710ceedd3a29a9d154c1481a545f75bea76e5ef30472a4512c7db6df9141a09faac9d04338e48d2e082a0c0639fdf

  • SSDEEP

    24576:lqet3SdZ9xauWImtIfQ0d44Et22FcNUbl8R4OvJayv8lsnrKLs+rs4ied6Mp:VkdQSmtNxt2LNH4OvoyCErD+44iU6U

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 56 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1260
      • C:\Users\Admin\AppData\Local\Temp\012755ccc0c4c25632653658c117cc3a.exe
        "C:\Users\Admin\AppData\Local\Temp\012755ccc0c4c25632653658c117cc3a.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2392
        • C:\obadah.exe
          "C:\obadah.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:1980
          • C:\obadah.exe
            C:\obadah.exe
            4⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2716
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 96
            4⤵
            • Program crash
            PID:2732
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\ÊäÊÇß ØíÇÒí.wmv"
          3⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2888

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\obadah.exe
      Filesize

      77KB

      MD5

      ade2d9fe0cecc4dffbaaf6fced5aeefc

      SHA1

      345023485a17eae171d92cac174151f21530e452

      SHA256

      fccb081986e5cf25e5f7ef9dd7bf9bb1da97f29aed3bdd7f8517f71b1d661c5f

      SHA512

      c1d7238c9c763f8789a9e9a6526de03d73bed45fe4b59a732f92f16956ec9aef849828f59b88b6605d9f131c7d1322a613164c740435989681670568f5a15420

      Download Submit

    • C:\ÊäÊÇß ØíÇÒí.wmv
      Filesize

      186KB

      MD5

      840c4aefa23b7823f083dd3892671694

      SHA1

      a8f70f0062b409100decfa3fcfeeadb2edbfc611

      SHA256

      b1ee2f0c786eef3d55859a40fd24c2223cfdc70548e32afb9297133f55866229

      SHA512

      78d2d54a5521812c43ecbe6c9ead11f2ba96ad4f0c8a5a1698992ba84e3a87092d7f12681c8e5718af3663cdfc722cb8cf46bb62b07c1d49737bbd2ff6055796

      Download Submit

    • memory/1260-21-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1260-24-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1980-30-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2392-17-0x0000000010000000-0x0000000010181000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2716-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-9-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2716-13-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2716-18-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2716-16-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2716-20-0x0000000000020000-0x0000000000032000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2716-35-0x0000000000020000-0x0000000000032000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2888-53-0x000007FEF6B20000-0x000007FEF6B41000-memory.dmp

      Filesize

      132KB

      Download

    • memory/2888-60-0x000007FEF4C40000-0x000007FEF4C58000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2888-43-0x000007FEFB120000-0x000007FEFB138000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2888-44-0x000007FEF7850000-0x000007FEF7867000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2888-37-0x000007FEF5F10000-0x000007FEF61C4000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2888-45-0x000007FEF7830000-0x000007FEF7841000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2888-46-0x000007FEF7120000-0x000007FEF7137000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2888-47-0x000007FEF6B90000-0x000007FEF6BA1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2888-48-0x000007FEF6B70000-0x000007FEF6B8D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/2888-49-0x000007FEF6B50000-0x000007FEF6B61000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2888-50-0x000007FEF4E60000-0x000007FEF5F0B000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/2888-51-0x000007FEF4C60000-0x000007FEF4E60000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2888-52-0x000007FEF6610000-0x000007FEF664F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2888-31-0x000000013FA50000-0x000000013FB48000-memory.dmp

      Filesize

      992KB

      Download

    • memory/2888-54-0x000007FEF65F0000-0x000007FEF6608000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2888-61-0x000007FEF4C10000-0x000007FEF4C40000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2888-62-0x000007FEF4BA0000-0x000007FEF4C07000-memory.dmp

      Filesize

      412KB

      Download

    • memory/2888-63-0x000007FEF4B30000-0x000007FEF4B9F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/2888-64-0x000007FEF4B10000-0x000007FEF4B21000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2888-36-0x000007FEF7870000-0x000007FEF78A4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/2888-68-0x000007FEF48D0000-0x000007FEF4A48000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2888-69-0x000007FEF48B0000-0x000007FEF48C7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2888-67-0x000007FEF4A50000-0x000007FEF4A74000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2888-66-0x000007FEF4A80000-0x000007FEF4AA8000-memory.dmp

      Filesize

      160KB

      Download

    • memory/2888-65-0x000007FEF4AB0000-0x000007FEF4B06000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2888-70-0x000007FEF4740000-0x000007FEF48B0000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2888-73-0x000007FEF4680000-0x000007FEF46CC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2888-72-0x000007FEF46D0000-0x000007FEF4712000-memory.dmp

      Filesize

      264KB

      Download

    • memory/2888-75-0x000007FEF44B0000-0x000007FEF4507000-memory.dmp

      Filesize

      348KB

      Download

    • memory/2888-74-0x000007FEF4510000-0x000007FEF467B000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2888-71-0x000007FEF4720000-0x000007FEF4732000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2888-76-0x000007FEF4260000-0x000007FEF44AB000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/2888-59-0x000007FEF6550000-0x000007FEF6561000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2888-58-0x000007FEF6570000-0x000007FEF658B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/2888-57-0x000007FEF6590000-0x000007FEF65A1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2888-56-0x000007FEF65B0000-0x000007FEF65C1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2888-55-0x000007FEF65D0000-0x000007FEF65E1000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2888-77-0x000007FEF2AB0000-0x000007FEF4260000-memory.dmp

      Filesize

      23.7MB

      Download

    • memory/2888-78-0x000007FEF2890000-0x000007FEF2AAD000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2888-83-0x000007FEF5F10000-0x000007FEF61C4000-memory.dmp

      Filesize

      2.7MB

      Download