Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

0fb1fab0bb...f4.exe

windows7-x64

8

0fb1fab0bb...f4.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 05:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0fb1fab0bb13ce41ad29ec2dfd6bc1f4.exe

  • Size

    388KB

  • MD5

    0fb1fab0bb13ce41ad29ec2dfd6bc1f4

  • SHA1

    9d1d687556578eadaba3898e3bc075b14808976d

  • SHA256

    207bcd429ff7bf98bf3b066b2a9e0b01d6c01506d3343343150952c16eb7e867

  • SHA512

    d8671bbf6a569ca421edfa6b5310e1ea011710b5d2d603686bb88bc279f285a54bf73aeca60fc995d8ce471a75dfbd93953ecab557e1241ac4a272d799864c3f

  • SSDEEP

    6144:LLtPzWhDFJpT9NC7rGN3bkty0Mki8787O71rkhJSammcmZE:XtrWLJxe7rGNrkty0fkhAlmvE

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0fb1fab0bb13ce41ad29ec2dfd6bc1f4.exe
    "C:\Users\Admin\AppData\Local\Temp\0fb1fab0bb13ce41ad29ec2dfd6bc1f4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5012
    • C:\Windows\SysWOW64\RUNDLL32.exe
      RUNDLL32.exe C:\WINDOWS\Temp\HX.ini ServiceMain
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\WINDOWS\Temp\HX.ini
    Filesize

    1.1MB

    MD5

    777115bbf9bfcd92e663b6585fb22d30

    SHA1

    773aa52a785aa4d7b8cdf1f51ed139f71b27f60a

    SHA256

    dac32409aa148e01aab2ab49fa817482a00e9c2fab7c16310156cb388bf087f5

    SHA512

    b0089912933daecd6e29a25a8297f5f6f55e6c9182fc63f28f7c7d353e4ac47827c0af7b8bdc5616f2ba22d0c76673ae151956720eac0d04373c9ad47d2e1d27

    Download Submit

  • C:\Windows\Temp\HX.ini
    Filesize

    1024KB

    MD5

    15fd1674a7ffcf1a66999becb4b27246

    SHA1

    cbf5af9cd40f304a4c73f072a7b1cbd2ab89469d

    SHA256

    7656d14ba5edcaeb19a6271687d7a534cf97469133c38bd1332630b30560a4eb

    SHA512

    f1314d41c63ca4048cd10f1350932d2394059284cd5ac0a11ec4f35d8e7f86e62803be35332eb567c61b2e47a5fcbca177c8b714197e32b978c3b3cb7511f057

    Download Submit

  • memory/5012-0-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/5012-4-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download