Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

04185736c2...ff.exe

windows7-x64

7

04185736c2...ff.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 21:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04185736c245fa94c62b4bb31528caff.exe

  • Size

    658KB

  • MD5

    04185736c245fa94c62b4bb31528caff

  • SHA1

    cee2b3a3dd38d8c570ce3f781ea36a9f066680dd

  • SHA256

    d18a7c5dc32f830b0c6e9124f8ff5629843ddb74ae1ccecdf3a470974716096f

  • SHA512

    5acc676e9d7e0d15c3fcc6d31a0bc89f5d4166b803cca7c15ed151858485d8444f66cbd0ffe30b671b485a458a8d11d0aaab4636ea0310ffa4f96d8b6b692aa4

  • SSDEEP

    12288:C6eeHVx4www0DhZirPmLtdIrCQRvRMDF3Z4mxxuDqVTVOCOMlwZ4R:CJeHHww01Eh8QmX9VTz/Uw

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04185736c245fa94c62b4bb31528caff.exe
    "C:\Users\Admin\AppData\Local\Temp\04185736c245fa94c62b4bb31528caff.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\DELME.BAT
      2⤵
      • Deletes itself
      PID:2800
  • C:\Windows\windows.exe
    C:\Windows\windows.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2864

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\DELME.BAT
      Filesize

      190B

      MD5

      a0b1bb18ca06c64e6b2742f878a0fc25

      SHA1

      0df70fb448cc0332ec9e9812b6d7fd588bbadc3a

      SHA256

      4baea608c625c89572922b6bb9d64c83782d5aaa0e11258bad3818d4164db258

      SHA512

      4003e7402a551fd06b1b9370d90e34107ec057c8f833a51c27a50827b35bb94c7037728a28846a883711c5ed6aaec049ebc96dd0be6c0927280ff2f97f3fdbe9

      Download Submit

    • C:\Windows\windows.exe
      Filesize

      658KB

      MD5

      04185736c245fa94c62b4bb31528caff

      SHA1

      cee2b3a3dd38d8c570ce3f781ea36a9f066680dd

      SHA256

      d18a7c5dc32f830b0c6e9124f8ff5629843ddb74ae1ccecdf3a470974716096f

      SHA512

      5acc676e9d7e0d15c3fcc6d31a0bc89f5d4166b803cca7c15ed151858485d8444f66cbd0ffe30b671b485a458a8d11d0aaab4636ea0310ffa4f96d8b6b692aa4

      Download Submit

    • memory/2300-37-0x00000000031B0000-0x00000000031B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2300-42-0x0000000000400000-0x000000000051F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2300-26-0x0000000003280000-0x0000000003281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2300-43-0x0000000003180000-0x0000000003280000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2300-45-0x0000000001D50000-0x0000000001DA4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2300-40-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2300-39-0x00000000031A0000-0x00000000031A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2300-28-0x00000000031C0000-0x00000000031C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2300-25-0x0000000003190000-0x0000000003191000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2300-24-0x0000000003180000-0x0000000003280000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2300-23-0x0000000001D50000-0x0000000001DA4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2912-7-0x0000000001E00000-0x0000000001E01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-6-0x00000000005F0000-0x00000000005F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-15-0x00000000003D0000-0x00000000003D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-16-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-17-0x00000000032D0000-0x00000000032D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-18-0x00000000032C0000-0x00000000032C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-19-0x00000000005E0000-0x00000000005E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-2-0x0000000001DE0000-0x0000000001DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-3-0x0000000001DC0000-0x0000000001DC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-4-0x0000000002340000-0x0000000002341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-5-0x0000000000600000-0x0000000000601000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-14-0x00000000003C0000-0x00000000003C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-36-0x0000000000400000-0x000000000051F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2912-0-0x0000000000400000-0x000000000051F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2912-38-0x0000000001D50000-0x0000000001DA4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2912-8-0x0000000001DF0000-0x0000000001DF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-9-0x0000000002350000-0x0000000002351000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-10-0x0000000001DB0000-0x0000000001DB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-11-0x00000000032B0000-0x00000000032B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-12-0x00000000032A0000-0x00000000032A3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2912-13-0x00000000033A0000-0x00000000033A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-1-0x0000000001D50000-0x0000000001DA4000-memory.dmp

      Filesize

      336KB

      Download