Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

21d3f96895...5f.exe

windows7-x64

7

21d3f96895...5f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 00:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21d3f9689561df6f1111c30c2681555f.exe

  • Size

    327KB

  • MD5

    21d3f9689561df6f1111c30c2681555f

  • SHA1

    932843a307487852cc76f340808ec0763ac529d5

  • SHA256

    052fb311740ae04a0ade1401a1a9312db0e7f1d8f1602950eda24498e624354c

  • SHA512

    8a28071c506cfba2e27c04ca32e5dbc82cd64f1a1db7b74b47ad2394d88ee62b0f1afaf01891f093d524259d5e5bf182900f7e92dda06638bb2a016d6bc0486b

  • SSDEEP

    6144:Zr469uEo2S1YnQmCX492DkwNP3qpYFGgjwuBGVdLAt4ZHd2i3gjd+ZD/6Fr:Zr4iu6/eIo4Rsw33AtsmQ6

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21d3f9689561df6f1111c30c2681555f.exe
    "C:\Users\Admin\AppData\Local\Temp\21d3f9689561df6f1111c30c2681555f.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\_tin7053.bat"
      2⤵
        PID:3028

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\InstallMate\860EDDE3\cfg\1.ini
      Filesize

      1020B

      MD5

      939cc2388bb1ce9629259aab647df0a3

      SHA1

      9cae7ae54376858144765944f1bededeb787f7f7

      SHA256

      82c6e4432e96398f4472385e965ef268fea0c00e826a4244a6e93132184f31a0

      SHA512

      95bc32f112d00f9a5ce1676a4c020eecfe64db49f03c45e9ab4375bf3a9d7a3bb1fed74e815b06159dc2714afa6ba0cd4b770c303f429ae9c886cf19be7d5649

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tsu4AC25364.dll
      Filesize

      92KB

      MD5

      1f905acec7b77e7b5a1c6c85c397acfc

      SHA1

      22331834ed8b991c4db0695f9c677316b0b7c592

      SHA256

      bb6cb380d01828b1f53b98f8dada1e9b879cf1b959145f3071ed5bf4016307be

      SHA512

      c8d925b0d8636ae9434f0c1c6bed739a2c3e7108642e9e32e5aac28a383cab9a2aa63773eea20e1cd0504a75bb2c0fbb7923cacb2ab1d0450e307e5e4cf507d4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{659508FF-3792-4B6D-A986-7FB0BE762A09}\_Setup.dll
      Filesize

      92KB

      MD5

      69d3b5145a4ad4bbd7e060a64d6ba852

      SHA1

      8ee672aa1cedd924381304784344a62a40f39c29

      SHA256

      89250bf73e501d37ad85c84468ffeab70241763da4705b98776a788a5171b8e1

      SHA512

      6451887d9c0a4370bf8cbcfc85ed1458f08a5c62ba458a80e2b0f6bf78f32cd96a47d8f635e3e13a82a048a587191ba1106aec36e65dc0ab6030b5a9c8cdd349

      Download Submit