Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

winprofile

windows7-x64

7

winprofile

windows10-1703-x64

7

Analysis

  • max time kernel
    295s
  • max time network
    302s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/01/2024, 04:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75ddaa0967f886b93e6db8bf2ae1d969a6bff280627d3e6226fd45f22bed2a47.exe

  • Size

    6.5MB

  • MD5

    298ac722674ea9191726a3056f2aa7e9

  • SHA1

    bb25fac73d2f60170b7c054e97971384d547b985

  • SHA256

    75ddaa0967f886b93e6db8bf2ae1d969a6bff280627d3e6226fd45f22bed2a47

  • SHA512

    efcd3b093004153ce52876ee7f87b8faf2725c141b82a3012520e1a57dfaf0c424161dbf010c44a6b37edc3e6dc6ef276015db63f45c0ed4a7967ce8b5aa12ae

  • SSDEEP

    196608:8wT4OknrwAklnH74yKYhm5wRrcV7/jvrKS4dD:8e9ewAkd3r+7/jvEdD

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 59 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75ddaa0967f886b93e6db8bf2ae1d969a6bff280627d3e6226fd45f22bed2a47.exe
    "C:\Users\Admin\AppData\Local\Temp\75ddaa0967f886b93e6db8bf2ae1d969a6bff280627d3e6226fd45f22bed2a47.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3476
    • C:\Users\Admin\AppData\Local\Temp\is-TS8GJ.tmp\75ddaa0967f886b93e6db8bf2ae1d969a6bff280627d3e6226fd45f22bed2a47.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TS8GJ.tmp\75ddaa0967f886b93e6db8bf2ae1d969a6bff280627d3e6226fd45f22bed2a47.tmp" /SL5="$A01E0,6525984,419840,C:\Users\Admin\AppData\Local\Temp\75ddaa0967f886b93e6db8bf2ae1d969a6bff280627d3e6226fd45f22bed2a47.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 25
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1228
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 helpmsg 25
          4⤵
            PID:3684
        • C:\Program Files (x86)\DBViewerAPI\dbviewer.exe
          "C:\Program Files (x86)\DBViewerAPI\dbviewer.exe" -i
          3⤵
          • Executes dropped EXE
          PID:2156
        • C:\Program Files (x86)\DBViewerAPI\dbviewer.exe
          "C:\Program Files (x86)\DBViewerAPI\dbviewer.exe" -s
          3⤵
          • Executes dropped EXE
          PID:4460

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\DBViewerAPI\dbviewer.exe
      Filesize

      1.5MB

      MD5

      f7b145a9b37fcb3cc0f4132b634ab442

      SHA1

      eda226392ef39a394dbcc0a6b909e75ec7365240

      SHA256

      a98f3334e308dd7fb39ca39cfadcbb9d1bf77ed370f9ecabe76a8b53e67a8a9b

      SHA512

      df8841d8dcfe87989b428be8de0dc9ec2c080661afc14a1a5d09bd853a8549e9cea5acba4514fd523dc0f8833916af550c2ed92d6a5d9cbba3ea6a3ccf6d1991

      Download Submit

    • C:\Program Files (x86)\DBViewerAPI\dbviewer.exe
      Filesize

      659KB

      MD5

      77f473f7e72b71dc3eb9bed1781a1b89

      SHA1

      b9e276f10ebe5e302562dcecf1699a4eb7ae85da

      SHA256

      bc795c491b0b85b85b4089f2bdb5439cfe09b38685fde92ae00add5dc645605c

      SHA512

      4e7c7ade0fa090cda2711bcd602bafae2610bbdd987dc72617ee2bb36534e5504ae0b6bcd5bfc7eb1f7a75d6411b2a90cf6621df8a5c1f57d4d81d52ee277194

      Download Submit

    • C:\Program Files (x86)\DBViewerAPI\dbviewer.exe
      Filesize

      425KB

      MD5

      2c1b3b42f6883098447d91bb27d4f34e

      SHA1

      6b90ecfe82b92ba99a8f78df267195602201a4ff

      SHA256

      5f8aa0486376fee28dc67fb654e6d7aeaf8b7abe135624c559415e1f4d388842

      SHA512

      7df3b2a6866a70141ceb3d288743064be4210646e3e6dba834759a5c69c572266a47c8d80947d45c6a3e4b9b02f0f8985331e8345feec78b8a23566fd8973908

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\is-TS8GJ.tmp\75ddaa0967f886b93e6db8bf2ae1d969a6bff280627d3e6226fd45f22bed2a47.tmp
      Filesize

      688KB

      MD5

      a7662827ecaeb4fc68334f6b8791b917

      SHA1

      f93151dd228d680aa2910280e51f0a84d0cad105

      SHA256

      05f159722d6905719d2d6f340981a293f40ab8a0d2d4a282c948066809d4af6d

      SHA512

      e9880b3f3ec9201e59114850e9c570d0ad6d3b0e04c60929a03cf983c62c505fcb6bb9dc3adeee88c78d43bd484159626b4a2f000a34b8883164c263f21e6f4a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\is-LI96J.tmp\_isetup\_iscrypt.dll
      Filesize

      2KB

      MD5

      a69559718ab506675e907fe49deb71e9

      SHA1

      bc8f404ffdb1960b50c12ff9413c893b56f2e36f

      SHA256

      2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

      SHA512

      e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

      Download Submit

    • \Users\Admin\AppData\Local\Temp\is-LI96J.tmp\_isetup\_isdecmp.dll
      Filesize

      19KB

      MD5

      3adaa386b671c2df3bae5b39dc093008

      SHA1

      067cf95fbdb922d81db58432c46930f86d23dded

      SHA256

      71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

      SHA512

      bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

      Download Submit

    • memory/2156-140-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2156-141-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2156-144-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2156-145-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3064-151-0x0000000000400000-0x00000000004BC000-memory.dmp

      Filesize

      752KB

      Download

    • memory/3064-9-0x00000000001F0000-0x00000000001F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-153-0x00000000001F0000-0x00000000001F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3476-0-0x0000000000400000-0x000000000046D000-memory.dmp

      Filesize

      436KB

      Download

    • memory/3476-150-0x0000000000400000-0x000000000046D000-memory.dmp

      Filesize

      436KB

      Download

    • memory/4460-160-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-180-0x0000000000950000-0x00000000009F2000-memory.dmp

      Filesize

      648KB

      Download

    • memory/4460-149-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-156-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-157-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-147-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-163-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-166-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-169-0x0000000000950000-0x00000000009F2000-memory.dmp

      Filesize

      648KB

      Download

    • memory/4460-170-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-173-0x0000000000950000-0x00000000009F2000-memory.dmp

      Filesize

      648KB

      Download

    • memory/4460-176-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-179-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-152-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-183-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-186-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-189-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-192-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-196-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-199-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-202-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-205-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-208-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-211-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4460-216-0x0000000000400000-0x0000000000589000-memory.dmp

      Filesize

      1.5MB

      Download