Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

14a71c96d0...ef.exe

windows7-x64

10

14a71c96d0...ef.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 09:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14a71c96d0ddc18deb564f491b5aa2ef.exe

  • Size

    412KB

  • MD5

    14a71c96d0ddc18deb564f491b5aa2ef

  • SHA1

    c05f5cf0034706728fdb7bd96050b78b599d1d7a

  • SHA256

    3a6838ef59315244eaf37fcaf323b8c6e333b93642f9e8ced46c24503b917aad

  • SHA512

    bcc81c45dd377f10c8bb505cdf0e1efeb261cdc9935c49ba2e32e4f9c063362f4e167d638684279dca5b104c8abe4ee7c40ab04f91f5f97a76ad096af3a099a3

  • SSDEEP

    12288:shIj6W6nGbmuUqsz0KPxKhMdXnBnYxlBPdO4kspViMzdZ:shjQmuUqswKJzdqw4keJZ

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Drops file in Drivers directory 2 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 53 IoCs
  • Runs .reg file with regedit 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14a71c96d0ddc18deb564f491b5aa2ef.exe
    "C:\Users\Admin\AppData\Local\Temp\14a71c96d0ddc18deb564f491b5aa2ef.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Drops file in Drivers directory
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Windows\SysWOW64\regedit.exe
      C:\Windows\regedit.exe /S C:\Windows\system32\msscp.reg
      2⤵
      • Runs .reg file with regedit
      PID:2512
    • C:\Users\Admin\AppData\Local\Temp\14a71c96d0ddc18deb564f491b5aa2ef.exe
      C:\Users\Admin\AppData\Local\Temp\14a71c96d0ddc18deb564f491b5aa2ef.exe
      2⤵
      • Drops file in Drivers directory
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2180
      • C:\Windows\SysWOW64\regedit.exe
        C:\Windows\regedit.exe /S C:\Windows\system32\msscp.reg
        3⤵
        • Runs .reg file with regedit
        PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\System\taobao.ico
    Filesize

    14KB

    MD5

    468fada123f5548ac87e57bae81f6782

    SHA1

    edb8f012c25906e6afd8bf335b495e16c440243d

    SHA256

    091c882bb307d57f2c7c42309e7ba8740130fef8c3ed772b0bc5e5505e37034d

    SHA512

    635ec26c88c2394dd4f2a81b9aea8f429a91adfeb37ae34e51b03f3cf8e503c123c3685938f40cea07d6146e0c7113aadbe62fa528f1f6d8b995e617fd68a4aa

    Download Submit

  • C:\WINDOWS\system32\drivers\etc\hosts
    Filesize

    3KB

    MD5

    b4cf009b0a57d8c23b460876d9116ab6

    SHA1

    61d7eb9a0c5c503eedd5c5d6f7ee7181e3baacbe

    SHA256

    578c941cc443f4002f01cecb90035c1f3d42fc350a4ed8fed94405d40580699a

    SHA512

    1bdcabf7227637327311af21fd3716ddcc9410eb69ae60030a5fa253d47f3c8d87490cd50c3c9443c1a925b79fe9121ca6762b0433fe8dbdb1087777dccd51b9

    Download Submit

  • C:\Windows\SysWOW64\msscp.reg
    Filesize

    228B

    MD5

    2d06a424ad1c7611ea9caad93892ea26

    SHA1

    a901e15c2ecea498f1ca8ffc5d5c32bd3f0169d8

    SHA256

    8c19027357bcb3170b6844aec44cd4c143c7b795d5df52ff89426615010f715c

    SHA512

    3199dffce9d7625d9e01d7a06c912d3629e5f3d98d3935763df6b323807d46f24a40876d78d5ae7f7ac83c90e498e7c4810d88993904dbca1036e8c06833ccdf

    Download Submit

  • memory/2180-7-0x0000000000400000-0x00000000004DC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2180-10-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-30-0x0000000000400000-0x00000000004DC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-0-0x0000000000400000-0x00000000004DC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2212-4-0x0000000002E40000-0x0000000002F1C000-memory.dmp

    Filesize

    880KB

    Download

  • memory/2212-32-0x0000000000400000-0x00000000004DC000-memory.dmp

    Filesize

    880KB

    Download