Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

081804c7ed...82.exe

windows7-x64

6

081804c7ed...82.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    0s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    081804c7edf878c0cd7c0981f816e782.exe

  • Size

    232KB

  • MD5

    081804c7edf878c0cd7c0981f816e782

  • SHA1

    ff61177e6485f0572bbbf1dc1438ee5a542c0700

  • SHA256

    1fb7f9a562a0f8cafae55401b0b47c202ed650f937c5d49d941d23ff6f378f3b

  • SHA512

    150e01b4d907c88d9d9d2e06faf0ac5781374c4170a9e0192821e87d3d87c81a698f536b9ffd7fa2a51c8092f29333e5ad0ae7c9451910c78f5e5d63dc12d921

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8SkgnYHfQlAV:o68i3odBiTl2+TCU/wk8KfQlEB

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\081804c7edf878c0cd7c0981f816e782.exe
    "C:\Users\Admin\AppData\Local\Temp\081804c7edf878c0cd7c0981f816e782.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3172
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\bugMAKER.bat
      2⤵
        PID:1060

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\bugMAKER.bat
      Filesize

      76B

      MD5

      d36a337925ef0b609f4d7d73f5a0e6e3

      SHA1

      04fc7987cc27c37027eec439474b482109e0121f

      SHA256

      369338b32fbb28038e04f30b031c624e1432b0dbcb8f6b25ca3ddbb0bb589a03

      SHA512

      ba369aa9920fd2298088899cbc11a3ec1ee3c539a0ffb96470c39f6a4e5d3d7fb70c8235c21626caf595029425fd8267c7d678170e676cec2f63cfa172d7776e

      Download Submit

    • memory/3172-24-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download