Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Empty.exe

windows7-x64

1

Empty.exe

windows10-2004-x64

1

Setup_00.exe

windows7-x64

7

Setup_00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 05:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_00.exe

  • Size

    121KB

  • MD5

    35765acf294fb5f8294e41b78975b5fa

  • SHA1

    6f0892ab9e7900f0838fe429b6d7077debfc1990

  • SHA256

    782dac7005ea26f34f175c7d6230801ff18d4d786713febfb5e6eb128bfa2cf6

  • SHA512

    5bd885b6a1b5770b5519b3d58f6c6d55da1b873ddc4946da705238fc3f4891dd9f77a86c7b0aba25908e1592b4c4c8c1854e0a6d5710b70309ab8e44580b83ea

  • SSDEEP

    3072:MGu9BlfzWIbXWm+w0Jp5ilmb9NN0xF+LBQCdZu9i:M/0uotbnN0iL1X

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_00.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_00.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LC.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LC.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 284
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:2876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\LC.exe
    Filesize

    45KB

    MD5

    161f4d2404a6f41c0b354f912ad3fe9a

    SHA1

    e41e0bdc42a16573cac28f472cec710b5a0c351b

    SHA256

    24da3e109cafea575974f34f165dc077dd9f445dd1838933e62993942ae50d61

    SHA512

    689cbc85a976605c356f0a3f61443755648875c60e2e1375a335cbb4afdd39d6fb6a0ec7dcd659a92ab29cc32a0ceb7c17d70fec5de26d7fc86726501b28d68e

    Download Submit

  • memory/2024-16-0x0000000000180000-0x0000000000196000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2024-11-0x0000000000180000-0x0000000000196000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2024-23-0x0000000000180000-0x0000000000196000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2024-24-0x0000000000180000-0x0000000000196000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2780-17-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2780-18-0x0000000000020000-0x0000000000036000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2780-26-0x0000000000020000-0x0000000000036000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2780-27-0x0000000000020000-0x0000000000036000-memory.dmp

    Filesize

    88KB

    Download