Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

23d49e2672...e4.exe

windows7-x64

7

23d49e2672...e4.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 02:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23d49e2672748177b2b47963c0c4bce4.exe

  • Size

    200KB

  • MD5

    23d49e2672748177b2b47963c0c4bce4

  • SHA1

    e082d96c61641392c70b0499f6a800d3ca1190cb

  • SHA256

    b9f04dfe49492d2109b9e48ce8cd76af2efc0690f9cf443944e578006dc2b082

  • SHA512

    203103d89d95b0f3f5ca8346d06dc6addc0ffcbfff3d84fc7d2f8cfa88e6e1c8546d88f08a51c14d8d71c0e9dc542d484f722802110325e23fa1b5c3fe493250

  • SSDEEP

    6144:SJ07a/YX+d8+ufIb3uXFKjn0yD9ETXXa6I:fdC/uA7jnJDOGN

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23d49e2672748177b2b47963c0c4bce4.exe
    "C:\Users\Admin\AppData\Local\Temp\23d49e2672748177b2b47963c0c4bce4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd18FF.tmp\ioSpecial.ini
    Filesize

    599B

    MD5

    0e74e891fc8c535e742d2ed1b854a141

    SHA1

    c477c09b7d4c7837808fdc1306c5b34494597adc

    SHA256

    e01e4814ecf209df63273ca6c062895d367036a4409dc1e84882ad0eb1517179

    SHA512

    cac2ce6fd6408e7dcbe64e9763ad945459ee229d541cf9e8bb81aec1abaf747c3522deabb5d13431529d38233daafbbe7fb881e971977284720525f6cb6a0454

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd18FF.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    43ba71f370a45aebcde86d76b83b208c

    SHA1

    1f14e3c253a5b7255b617084b45e51ef9d6717e4

    SHA256

    6d0a19614efb523f78477429df04b71459ee69b3d16231798dcfa539b3d2a64c

    SHA512

    36aaf1ccb7c1085ba9fbacbad6c1505c9e389be5e9bd52ee7046b48302b8239d6e34dfeeb32a2708c4fb7d5a85c1d202fbdabcdd6a2cced0099249640443b551

    Download Submit

  • memory/2920-1-0x0000000000240000-0x0000000000272000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2920-0-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2920-78-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download