Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

1d2ac65741...49.exe

windows7-x64

6

1d2ac65741...49.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d2ac65741b4970e3af392c03a6f1749.exe

  • Size

    137KB

  • MD5

    1d2ac65741b4970e3af392c03a6f1749

  • SHA1

    04f4aab873f93c933d014b1e762f837370d1e4ca

  • SHA256

    73ffdc6d42ffc58c772bb51ab2a894229aef66039a7fd58564acbf1ddf020d17

  • SHA512

    434e7d0eed95bc93b8bfd7713feba1da5b4a9e2dbf7c601ba7417919c5354ab4d1fc8d6213c79ebadff04710e2c4f68056a1fb7db4e75d6b4844e8e121e610ab

  • SSDEEP

    3072:S20lfOhndlsEGVs3fViVfxFsk8OB++gH/:S2efOVpfViJsk8A++g

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d2ac65741b4970e3af392c03a6f1749.exe
    "C:\Users\Admin\AppData\Local\Temp\1d2ac65741b4970e3af392c03a6f1749.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1848
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {15EFB1E1-31D0-4181-95FD-77A06CAB112D} S-1-5-21-3627615824-4061627003-3019543961-1000:SCFGBRBT\Admin:Interactive:[1]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Users\Admin\AppData\Local\Temp\1d2ac65741b4970e3af392c03a6f1749.exe
      C:\Users\Admin\AppData\Local\Temp\1d2ac65741b4970e3af392c03a6f1749.exe
      2⤵
        PID:1240

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1240-35111-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1240-35112-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1848-1-0x0000000000360000-0x0000000000371000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1848-2-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1848-35093-0x00000000722E0000-0x0000000073342000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/1848-35094-0x00000000722E0000-0x0000000073342000-memory.dmp

      Filesize

      16.4MB

      Download

    • memory/1848-35096-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1848-35098-0x0000000003DA0000-0x0000000003DA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1848-35099-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1848-35100-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download