Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2023, 02:53

General

  • Target

    0c38c4c8c4f3c14169487b2295851d71.exe

  • Size

    32KB

  • MD5

    0c38c4c8c4f3c14169487b2295851d71

  • SHA1

    5d4a1519d98d33e7c83b6509f948ba21974b2765

  • SHA256

    530f707320841f1bfa73c1fae471b7b532669b06ce159f1f2e71e6fb9b1e4294

  • SHA512

    476da3b2e8c4cfc98c9758fbb835e80c24d3a36decf64027435eae1082f75271a1f4c5296fa893d2d5f0c34694b55244340976f346938949805c696e79cfced4

  • SSDEEP

    192:Eab8fWPl1l/cfvjmG4UzeFi98uidjZtiWeMZqVUs4pE9U5zy3L+r:zbVPFEfrmvOeFiGR/heUs4pbQKr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c38c4c8c4f3c14169487b2295851d71.exe
    "C:\Users\Admin\AppData\Local\Temp\0c38c4c8c4f3c14169487b2295851d71.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\WINDOWS\Fonts\svchost.exe
      C:\WINDOWS\Fonts\svchost.exe
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Suspicious use of SetWindowsHookEx
      PID:1820
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\kill.bat""
      2⤵
      • Deletes itself
      PID:2372

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\kill.bat

    Filesize

    190B

    MD5

    675dc72d7dcf711d8a249f292f3ec91d

    SHA1

    ce51092736cac370b7b91101b4678ea5251f02db

    SHA256

    5f44186b59329b6f0fb7c362b8a4119c769a031365441a94de9bbe34f5ac8045

    SHA512

    5d33cd3175dfbbafd67e479b5e770a8d2c54549eb90377825f52ddf0140f59de4076bb12102f547f5ae690eba18d61f8a9c868f47af607367db0f51e182f6e3b

  • \Windows\Fonts\svchost.exe

    Filesize

    12KB

    MD5

    8fb18e8bfe3035f3850bec26397d4d5a

    SHA1

    da62a44f88f1277d7aa3241fae20fc7eb5175e15

    SHA256

    a926effacc1c0e0ab9eebf89b3aa1bcbe6dd590b3f98e82b524ee26184679004

    SHA512

    18dd9687cc010892d20039eb7cfe9bc61a2878c9fb3d9a01b70074a1deaa7fcdcb6ef4f1014b27c35d8830a951db74d69c6c21d2d06a533a5abf3a9aefd333f7