Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

099bad4113...aa.exe

windows7-x64

7

099bad4113...aa.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    163s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 01:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    099bad411315767c17e41e04a71f12aa.exe

  • Size

    129KB

  • MD5

    099bad411315767c17e41e04a71f12aa

  • SHA1

    464a0a5caa34caba25dbc1c12ebae3f4bfe89b31

  • SHA256

    0ecbc8f62fd4ea30522f23f8fdb1f9710a7d9cf4540fda0b63a0a916d8a6ff82

  • SHA512

    bdc7707c2ef2e7b289c4d1c91bd7d08e7b014dafe8b330c2bb9040a8ee4fd0d909e89c2caa6ecef11081649ee9ad3a228562766561c2fa30d7e84f75bb9b1242

  • SSDEEP

    3072:CGZhLLuMKCRKUlez9ChzkxM74uUz3JTH7ZT9CxGJmcNMpw:POFCRblezMhzz7NUz57ZT9zJN

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 5 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\099bad411315767c17e41e04a71f12aa.exe
    "C:\Users\Admin\AppData\Local\Temp\099bad411315767c17e41e04a71f12aa.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\run1.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4268
      • C:\Windows\SysWOW64\regedit.exe
        regedit /s C:\Users\Admin\AppData\Local\Temp\s1.reg
        3⤵
        • Modifies registry class
        • Runs .reg file with regedit
        PID:60
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c erase /F "C:\Users\Admin\AppData\Local\Temp\099bad411315767c17e41e04a71f12aa.exe"
      2⤵
        PID:688

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\run1.bat
      Filesize

      118B

      MD5

      c9ca0afd6c6d4ba684394ab5ee38482c

      SHA1

      218342e5aa6ad25831f0f4991dd45cc822940206

      SHA256

      fb1820a50d3feaa20d5c43c92ce107c025d80549a0337b272df8c9f5ce89c25c

      SHA512

      3c8228a0cada2ef3a4c8fba626afd0bb5f518413243f0473842ae16a96a72e8b96229026413721c9472908945a6198ee6aa260f6c7516b984b3f7de6889a0495

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\s1.reg
      Filesize

      406B

      MD5

      03cf2b5aee584c8870f889a87e2b1f23

      SHA1

      b46dc1fd84b8c309769aadb39eb1a49e1e983546

      SHA256

      593f487b4e37f5bb71612a1bd43f8278211164624bce9e03b6ee54239c161d17

      SHA512

      c4076dc941bbfa55d1825736a50186b1058fd9d3a5ea1faf2909027b2870e4ee92ed72aee0352d8ad9d895cb06586c14ad62a69fc9ea5f7683872649a7f9db06

      Download Submit

    • memory/4936-0-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/4936-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4936-2-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/4936-8-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download