Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

10a1f5b288...3a.exe

windows7-x64

7

10a1f5b288...3a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10a1f5b288189c02be76ba20486ea53a.exe

  • Size

    1000KB

  • MD5

    10a1f5b288189c02be76ba20486ea53a

  • SHA1

    02a2d5f9f366dc58503778e2482537974a34b63d

  • SHA256

    57786fa75417cfe0a9207d69f60e377a694c045503ac62ff4c3dcc67594588be

  • SHA512

    14c965111868e2169a4f5f3ff94bf523da9484d6703bf4c7e5c96e9b68596c0e9de196ab9cc0f3c232ef46ed1c8f68e1ccde9fbe8f878a8944effbeeba5e402c

  • SSDEEP

    12288:meGsBtZRiuau1B2mrIwJyEBsJ8gc2H4qVyyJw5TL7Sfv5L5ghUQY3ECaBwQ2tb5g:meGsBhT/BBngnU1B+5vMiqt0gj2ed

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10a1f5b288189c02be76ba20486ea53a.exe
    "C:\Users\Admin\AppData\Local\Temp\10a1f5b288189c02be76ba20486ea53a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Users\Admin\AppData\Local\Temp\10a1f5b288189c02be76ba20486ea53a.exe
      C:\Users\Admin\AppData\Local\Temp\10a1f5b288189c02be76ba20486ea53a.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\10a1f5b288189c02be76ba20486ea53a.exe" /TN Google_Trk_Updater /F
        3⤵
        • Creates scheduled task(s)
        PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\10a1f5b288189c02be76ba20486ea53a.exe
    Filesize

    1000KB

    MD5

    c6bcbfc2776b2f3c517433927ccde5d3

    SHA1

    9b44174fa17759b5e3f106167dddc69f48416f64

    SHA256

    5f7d929f238da069dcb9792dbada42d943b95cbb51516e427ab02d147026d981

    SHA512

    a5539376a6fda23764b2b7845dfd82e853e8b217e70aa09c7413f0c233d5b73a2d3abb0e6cbb5336090135b02e02fc1c7aed7cd3c272b301588594d20bb2834e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1FC5.tmp
    Filesize

    125KB

    MD5

    99892f04a68673e28af150d61aa05ff8

    SHA1

    1d641f7bfd425b289da8dc2a31031e28dde60971

    SHA256

    9530243b0e88663ddf0085f9546cc7514c1468dd1c3d90162de5a68ed75a3813

    SHA512

    a62593fe017cbb9dd72955dd6168b9d0a303b811166149d13a4b9610fa3740467b3c12becef864c25a294331f3207d2f5269bfc1edbe3312124cd602ba626c50

    Download Submit

  • \Users\Admin\AppData\Local\Temp\10a1f5b288189c02be76ba20486ea53a.exe
    Filesize

    256KB

    MD5

    02b740c59bb5f4d51cb76e660154e145

    SHA1

    a8ab89cc76a019bd2f8d2d48dd0ebc8ca6e4e642

    SHA256

    7726986712c12d7b1ad56cefbfcd69f07c6fa2b1e2f768b660a8a7ef4342672a

    SHA512

    db92cbe2d08b202920c095da15953afac0f5ca25f09125cc6294a407f9d791a979419a1018d8120a838b81446003f2f8e3cf7c0af609ff24a82481c9fd4d9b08

    Download Submit

  • memory/2196-20-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2196-18-0x0000000001490000-0x0000000001513000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2196-24-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2196-28-0x0000000002D50000-0x0000000002DCE000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2196-67-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2240-15-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2240-0-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2240-12-0x0000000003110000-0x0000000003193000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2240-1-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2240-2-0x00000000001A0000-0x0000000000223000-memory.dmp

    Filesize

    524KB

    Download