Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

02bb0dba66...50.exe

windows7-x64

7

02bb0dba66...50.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02bb0dba66cb1b35f20a101b88494b50.exe

  • Size

    939KB

  • MD5

    02bb0dba66cb1b35f20a101b88494b50

  • SHA1

    c7c33ab47028787d588e28baaa33d9ffe36be4b2

  • SHA256

    3fd39c5f8b99577694caba921ae417c76df96a89cb5185fa1ef0e68e1d838fca

  • SHA512

    12cda96b8f2a21d0285d895c93b3147f16fb70badf8bdde66f160c92e8821a45d5060ce010dce4e59dffdec410080cd2502c2308612df9bb0b443c288f249b09

  • SSDEEP

    12288:TLoBw+bbjB1D6U+s802ziOQK/d+QXkkza6GOL9BkxcQiOOQu7aEcCLwQ+a62E33:UvD5+GE/kscc3ku1hQuECQ2E

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02bb0dba66cb1b35f20a101b88494b50.exe
    "C:\Users\Admin\AppData\Local\Temp\02bb0dba66cb1b35f20a101b88494b50.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Stub.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Stub.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3000

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Stub.exe
    Filesize

    369KB

    MD5

    d573b4707e9a3fe2ed2cf94868384ca1

    SHA1

    3ad3b2c4a4e383cf7901d4c6c8c70ce80607be3f

    SHA256

    65f3a272e92fd95d1ec7d857e1a8d7d79788bbf62940137e61482b04509613ec

    SHA512

    92ddf044b2822007dcf470b7877a64b60a0c0ce7639eb3952410a84c35f25f50224416469667a487040d98dba280ecb0e378134084e6409483383e7ba537cfcc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\Stub.exe
    Filesize

    93KB

    MD5

    e6a70c437bc2e596110eff8039b5b774

    SHA1

    6a4e454b3e26f8e1cd04a68e3cd16d64e665b28b

    SHA256

    2c306a97a6756d25e19ad6ba59c7f38307719fc8bedfaf2b7f6d59d8349cae69

    SHA512

    5ae2205edd0e8d92963d814740c72b148d43b5e2dace4bf2ee2061e2c4d2c2308b326cbdc686f1ab74c3667ec7c45ef285c646545f8eed68312fa817287ff84c

    Download Submit

  • memory/3000-10-0x0000000074040000-0x00000000745EB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3000-11-0x00000000008E0000-0x0000000000920000-memory.dmp

    Filesize

    256KB

    Download

  • memory/3000-12-0x0000000074040000-0x00000000745EB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3000-13-0x00000000008E0000-0x0000000000920000-memory.dmp

    Filesize

    256KB

    Download