Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

21fd93d3cd...cc.exe

windows7-x64

7

21fd93d3cd...cc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 00:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21fd93d3cdbeb9ed94ce1d1cd48063cc.exe

  • Size

    40KB

  • MD5

    21fd93d3cdbeb9ed94ce1d1cd48063cc

  • SHA1

    e377ba41cec9b79366ed22bd226bd88f1c88376f

  • SHA256

    87b90eb874af9a986921362d59cd08536baee8d4935b5b858127cd8683b8998d

  • SHA512

    356f124023d23124c1ad5fc9875e8e786f79a9e5d2ffa374d38ceea4d1b0485cfca25b9e5ed9674084aad8f25e944eef21e0a4bae970e66d9aae37661dc3dcc0

  • SSDEEP

    768:YHyfK1MokyJwxoX0J026MFpzf98LbHJT70:uZMokOt26gzfKLrJn

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21fd93d3cdbeb9ed94ce1d1cd48063cc.exe
    "C:\Users\Admin\AppData\Local\Temp\21fd93d3cdbeb9ed94ce1d1cd48063cc.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\SysWOW64\netmodulr.exe
      C:\Windows\system32\netmodulr.exe -inst
      2⤵
      • Executes dropped EXE
      PID:2756
  • C:\Windows\SysWOW64\netmodulr.exe
    C:\Windows\SysWOW64\netmodulr.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\netmodulr.exe
    Filesize

    19KB

    MD5

    1071cf44d3e9cb1f8db0981257233c74

    SHA1

    473ebc7859875268db5d01ff37e25bac500f2cd8

    SHA256

    9a06615bfe4e5b7af84ab77f9993ec32da33e88233f764480edabce06cc9a254

    SHA512

    1aa9d6aec103a6185e80ae85ef948fb98aca13848297f3a13c0974faf7deea0e75b4b0d9655032e349ff717e85da31303fb3e4f4f38cff9f91d37eddd455918e

    Download Submit

  • memory/2520-2-0x0000000000260000-0x0000000000270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2520-11-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2756-10-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2788-12-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2788-20-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download