Analysis

  • max time kernel
    0s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2023, 13:28 UTC

General

  • Target

    1a017ee65fb496050ea755c93faf8667.exe

  • Size

    625KB

  • MD5

    1a017ee65fb496050ea755c93faf8667

  • SHA1

    da92d0b51ee717d255a95201e3834aac38f85fe7

  • SHA256

    136c6e28b879b1bf9d9ae90ee0d744e25a140afdee113139520e4cce00a59014

  • SHA512

    02c201b63765907208a43b6fed85e64d371ef04078a4d0ed458f08f9442fd54b76c41b518f89b62d5e8000867720f8910272f07221af4adab26d69360c2424b7

  • SSDEEP

    12288:ldVHdJP768IAxFHABvJ8Z/pCLLL0+Hsuq/R9hUJGP:ldVH/P7zx1ABh+pS//q59ew

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry (2 TTPs, 1 IoC)

    BIOS information is often read in order to detect sandboxing environments.

  • UPX packed file (2 IoCs)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

  • Maps connected drives based on registry (3 TTPs, 1 IoC)

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx (5 IoCs)

    No description is attached to this hit in the report. SetWindowsHookEx installs Windows message hooks and is a common keystroke-capture primitive, but the report does not show which hook type was set or whether the hook was global or thread-local.
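The two "detect sandboxing environments" signatures above are both registry reads. The following is an added example, not code from the sample or from Triage: it emulates the comparison such a sample makes against two constructed registry snapshots, a default VirtualBox guest and the same guest with OEM-looking strings, to show why a stock sandbox trips the check and what a hardened one presents instead. The key paths are assumptions (the usual locations these signatures cover, HKLM\HARDWARE\DESCRIPTION\System\BIOS and HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum); this page does not list the exact values the sample read.

```python
"""Emulate the BIOS- and Disk\\Enum-based VM checks against constructed registry
snapshots.  Added example; not the sample's code and not Triage's detector."""

# Assumed key paths: the standard locations behind the two Triage signatures.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
DISK_ENUM_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"

# Vendor substrings evasive samples commonly look for (compared case-insensitively).
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "xen",
              "innotek", "parallels", "hyper-v", "virtual machine")


def _matches(value: str):
    """First VM marker contained in the value, or None."""
    low = value.lower()
    return next((m for m in VM_MARKERS if m in low), None)


def vm_indicators(bios_values: dict, disk_enum_values: list) -> list:
    """One line per registry value that would convince a sandbox-aware sample
    it is running under a hypervisor."""
    hits = []
    for name, val in bios_values.items():
        m = _matches(str(val))
        if m:
            hits.append(f"{BIOS_KEY}\\{name} = {val!r} (matches {m!r})")
    for idx, val in enumerate(disk_enum_values):
        m = _matches(val)
        if m:
            hits.append(f"{DISK_ENUM_KEY}\\{idx} = {val!r} (matches {m!r})")
    return hits


def sandbox_verdict(bios_values: dict, disk_enum_values: list) -> str:
    """What the sample's branch sees: a single hit is enough to bail out."""
    return "vm-detected" if vm_indicators(bios_values, disk_enum_values) else "looks-physical"


# ---- constructed snapshots (illustrative, not taken from the report) ----
# Default VirtualBox guest: every string advertises the hypervisor.
VBOX_BIOS = {"SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox",
             "BIOSVendor": "innotek GmbH", "BIOSVersion": "VirtualBox"}
VBOX_DISKS = [r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1a2b3c4d&0&0.0.0"]

# Same guest with the strings overridden to look like OEM hardware, the kind of
# hardening a sandbox applies so this check does not short-circuit the run.
HARDENED_BIOS = {"SystemManufacturer": "Dell Inc.", "SystemProductName": "OptiPlex 7090",
                 "BIOSVendor": "Dell Inc.", "BIOSVersion": "1.7.2"}
HARDENED_DISKS = [r"SCSI\Disk&Ven_NVMe&Prod_Samsung_SSD_980\4&2f8e1c0a&0&000000"]

if __name__ == "__main__":
    for label, bios, disks in (("vbox-default", VBOX_BIOS, VBOX_DISKS),
                               ("hardened", HARDENED_BIOS, HARDENED_DISKS)):
        print(label, sandbox_verdict(bios, disks))
        for hit in vm_indicators(bios, disks):
            print("   ", hit)
```

The marker list is the part worth tuning: samples differ in which strings they compare, so when a run ends after these reads with nothing else happening (as the 0s kernel time and single DNS lookup here could suggest), re-running on an image with the BIOS and Disk\Enum strings overridden is the cheapest next step.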

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a017ee65fb496050ea755c93faf8667.exe (PID 700)
    Command line: "C:\Users\Admin\AppData\Local\Temp\1a017ee65fb496050ea755c93faf8667.exe"
    Signatures triggered by this process:
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetWindowsHookEx
    No child processes were recorded.

Network

  • DNS query to 8.8.8.8:53 (US)
    Request: 9zmsm3kkga46k3tgdl.5oit1jfk57.com IN A
    Response: No results found

  • Connection summary for 8.8.8.8:53
    Domain: 9zmsm3kkga46k3tgdl.5oit1jfk57.com
    Protocol: dns
    79 B sent, 152 B received, 1 request, 1 response

MITRE ATT&CK Enterprise v15


Downloads

  • memory/700-0-0x00000000011B0000-0x0000000001391000-memory.dmp (1.9MB)

  • memory/700-37-0x00000000011B0000-0x0000000001391000-memory.dmp (1.9MB)

    Both dumps cover the same region of PID 700, 0x011B0000 to 0x01391000 (0x1E1000 bytes, 1.9MB), captured at two points in the run. A resident image roughly three times the 625KB on-disk size is consistent with the UPX signature above (the packer unpacks in place into a section that occupies no disk space), so the later dump is the one to carve the unpacked PE from.
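To check the UPX verdict on a sample offline before spending a sandbox run on it, the following added example (not Triage's detector and not code from the sample) parses a PE section table and applies the three stock-UPX tell-tales: UPX0/UPX1 section names, a first section with zero bytes on disk but a large virtual size (the unpack destination), and the "UPX!" magic in the header area. Modified UPX builds usually rename the sections but keep the layout, which is why the name check and the layout heuristic are reported separately. The PE blobs it runs on are hand-built headers constructed for the example, not this report's sample.

```python
"""Static UPX indicators for a PE file.  Added example, not Triage's own signature."""
import re
import struct

UPX_NAME_RE = re.compile(r"^UPX\d$")


def parse_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4                      # COFF header follows the signature
    nsec = struct.unpack_from("<H", data, coff + 2)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size             # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> dict:
    secs = parse_sections(data)
    first = secs[0] if secs else None
    return {
        "upx_section_names": [n for n, _, _ in secs if UPX_NAME_RE.match(n)],
        # UPX0 receives the unpacked image at runtime: nothing on disk, lots in memory.
        "empty_first_section": bool(first) and first[2] == 0 and first[1] > 0,
        # 'UPX!' (the l_info magic) sits just after the section table in stock builds.
        "upx_magic": b"UPX!" in data[:0x1000],
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    # Names alone are decisive; for renamed builds require magic plus layout.
    return bool(ind["upx_section_names"]) or (ind["upx_magic"] and ind["empty_first_section"])


# ---- constructed inputs: minimal PE32 headers built for this example ----
def build_pe(sections, trailer=b""):
    """DOS header, PE signature, COFF header, zeroed optional header, section table."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                                           # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")    # PE32 magic, rest zeroed
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, 0x1000 * (i + 1), rsize, 0x400, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rsize) in enumerate(sections))
    return dos + b"PE\0\0" + coff + opt + table + trailer


STOCK_UPX = build_pe([("UPX0", 0x30000, 0), ("UPX1", 0x9A000, 0x9A000), (".rsrc", 0x400, 0x400)],
                     trailer=b"UPX!")
RENAMED_UPX = build_pe([(".text", 0x30000, 0), (".data", 0x9A000, 0x9A000), (".rsrc", 0x400, 0x400)],
                       trailer=b"\0" * 16 + b"UPX!")
PLAIN = build_pe([(".text", 0x5000, 0x4E00), (".rdata", 0x1000, 0xE00), (".data", 0x800, 0x600)])

if __name__ == "__main__":
    for label, blob in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, is_upx_packed(blob), upx_indicators(blob))
```

Run it on a real file with `is_upx_packed(open(path, "rb").read())`. A renamed build that also strips the "UPX!" magic will return False here; at that point the in-memory dumps above are the reliable source, since the unpacked image has to exist in the process regardless of what the on-disk headers say.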
