Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

099bad4113...aa.exe

windows7-x64

7

099bad4113...aa.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 01:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    099bad411315767c17e41e04a71f12aa.exe

  • Size

    129KB

  • MD5

    099bad411315767c17e41e04a71f12aa

  • SHA1

    464a0a5caa34caba25dbc1c12ebae3f4bfe89b31

  • SHA256

    0ecbc8f62fd4ea30522f23f8fdb1f9710a7d9cf4540fda0b63a0a916d8a6ff82

  • SHA512

    bdc7707c2ef2e7b289c4d1c91bd7d08e7b014dafe8b330c2bb9040a8ee4fd0d909e89c2caa6ecef11081649ee9ad3a228562766561c2fa30d7e84f75bb9b1242

  • SSDEEP

    3072:CGZhLLuMKCRKUlez9ChzkxM74uUz3JTH7ZT9CxGJmcNMpw:POFCRblezMhzz7NUz57ZT9zJN

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 5 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\099bad411315767c17e41e04a71f12aa.exe
    "C:\Users\Admin\AppData\Local\Temp\099bad411315767c17e41e04a71f12aa.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\run1.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2980
      • C:\Windows\SysWOW64\regedit.exe
        regedit /s C:\Users\Admin\AppData\Local\Temp\s1.reg
        3⤵
        • Modifies registry class
        • Runs .reg file with regedit
        PID:2688
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c erase /F "C:\Users\Admin\AppData\Local\Temp\099bad411315767c17e41e04a71f12aa.exe"
      2⤵
      • Deletes itself
      PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\run1.bat
    Filesize

    118B

    MD5

    c9ca0afd6c6d4ba684394ab5ee38482c

    SHA1

    218342e5aa6ad25831f0f4991dd45cc822940206

    SHA256

    fb1820a50d3feaa20d5c43c92ce107c025d80549a0337b272df8c9f5ce89c25c

    SHA512

    3c8228a0cada2ef3a4c8fba626afd0bb5f518413243f0473842ae16a96a72e8b96229026413721c9472908945a6198ee6aa260f6c7516b984b3f7de6889a0495

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\s1.reg
    Filesize

    406B

    MD5

    03cf2b5aee584c8870f889a87e2b1f23

    SHA1

    b46dc1fd84b8c309769aadb39eb1a49e1e983546

    SHA256

    593f487b4e37f5bb71612a1bd43f8278211164624bce9e03b6ee54239c161d17

    SHA512

    c4076dc941bbfa55d1825736a50186b1058fd9d3a5ea1faf2909027b2870e4ee92ed72aee0352d8ad9d895cb06586c14ad62a69fc9ea5f7683872649a7f9db06

    Download Submit

  • memory/3040-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3040-12-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3040-3-0x0000000000020000-0x0000000000022000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3040-14-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download