Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

2c7c53cc21...ce.exe

windows7-x64

7

2c7c53cc21...ce.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    89s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 06:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c7c53cc215cbc87b9d0fdd03a4a13ce.exe

  • Size

    4.8MB

  • MD5

    2c7c53cc215cbc87b9d0fdd03a4a13ce

  • SHA1

    ed49a3baf836e3c0c27cb1d575b48a2676e42b4f

  • SHA256

    982de5fb844c74f708b0bcfff37b573614176cd311feebaa429ca0e5bb3550c5

  • SHA512

    1ed85a115a200e31c3f286e4089a785c33d6265798eaf615188e8b89c8b45454c8579cc71a447552780b3bb2f3f3b4bb36a1567f9b0414520d73b4319e44516f

  • SSDEEP

    98304:PX4kkWgiZ+zf/jghmMGqfvmP1/rO8ix0OhgJIXi49koyazx14:vZkWBZ+/gcqHW1/LPO6JIXi49koya0

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 23 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c7c53cc215cbc87b9d0fdd03a4a13ce.exe
    "C:\Users\Admin\AppData\Local\Temp\2c7c53cc215cbc87b9d0fdd03a4a13ce.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Users\Admin\AppData\Local\Temp\is-25L3C.tmp\2c7c53cc215cbc87b9d0fdd03a4a13ce.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-25L3C.tmp\2c7c53cc215cbc87b9d0fdd03a4a13ce.tmp" /SL5="$130028,4341601,721408,C:\Users\Admin\AppData\Local\Temp\2c7c53cc215cbc87b9d0fdd03a4a13ce.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:232
      • C:\Program Files (x86)\Quas\Magni.exe
        "C:\Program Files (x86)\Quas/\Magni.exe" 4dfbcb6392e4e82dec956a1f358df8ce
        3⤵
        • Executes dropped EXE
        PID:1840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/232-6-0x0000000002630000-0x0000000002631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/232-57-0x0000000000400000-0x0000000000679000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/232-60-0x0000000002630000-0x0000000002631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1200-2-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/1200-0-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/1200-56-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/1840-53-0x0000000000400000-0x00000000016AC000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/1840-54-0x0000000000400000-0x00000000016AC000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/1840-55-0x00000000042E0000-0x00000000042E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1840-58-0x0000000000400000-0x00000000016AC000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/1840-61-0x0000000000400000-0x00000000016AC000-memory.dmp

    Filesize

    18.7MB

    Download

  • memory/1840-78-0x0000000000400000-0x00000000016AC000-memory.dmp

    Filesize

    18.7MB

    Download