Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

2499726e28...64.exe

windows7-x64

6

2499726e28...64.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    43s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2499726e2879c12ab4f1ea9dea899364.exe

  • Size

    52KB

  • MD5

    2499726e2879c12ab4f1ea9dea899364

  • SHA1

    cfbdb5bb3945634f1bc2ab69cc0ac2dbcbe51848

  • SHA256

    32fb85f486ba580d25398d728b872849ebb1881bfb69dab639a118c6f67cc495

  • SHA512

    83bc31f66d72aeccb8771de838d51ff73b537cb8793cb1bef061f2064e5b68ca6791253aec113f7883a836c4fe36a307f6e4cc1e1979df73da6acbf08707c3b1

  • SSDEEP

    768:pfQwzOFcZIvTFyZnfaKXrBdP+I6wiD9NE6qo6j+Zlqi1+TsC6v7VaHvx8eClUu0i:qwzOSEqiK7vGn9NE6gSTCxg7AYgx

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2499726e2879c12ab4f1ea9dea899364.exe
    "C:\Users\Admin\AppData\Local\Temp\2499726e2879c12ab4f1ea9dea899364.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\delself.bat" "
      2⤵
        PID:2760

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\delself.bat
      Filesize

      202B

      MD5

      8d6c7be1269d587d7c6bb7738db81f7a

      SHA1

      cdb538b161b129f97fc1739ca26209e8d319b9be

      SHA256

      53087750845e077982e653116baa42f7468c137fd9663cd66565ab2ae5bcaa89

      SHA512

      11430c2bda3976b215cb8e0127960406f4584be50c2bde7aabd96410f80e9a7570523e041d51167bed42db9edc95e97e4b28b8e76e3b1f42e145bf1457a3a161

      Download Submit

    • memory/2756-0-0x0000000000220000-0x000000000022D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/2756-11-0x0000000000400000-0x000000000040F000-memory.dmp

      Filesize

      60KB

      Download