Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

59fcc0c5a1...c8.exe

windows7-x64

10

59fcc0c5a1...c8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    131s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2024, 08:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59fcc0c5a123dc0a67d61c57164ba5ea344a10101ad7bd6d3c3404c7e55f06c8.exe

  • Size

    4.0MB

  • MD5

    0e9380c75030b8154997b4e8310357b3

  • SHA1

    76ced34528c734c9871e774a6bd9cc1decffb2a4

  • SHA256

    59fcc0c5a123dc0a67d61c57164ba5ea344a10101ad7bd6d3c3404c7e55f06c8

  • SHA512

    be3b4675e43f3ef13014a7ac8e63df4073696997d786e03bd62bc0c9ae695af215011583ca50dc47ad4db8048de9c2e071db7c4e7749834534d80f5251416ba6

  • SSDEEP

    49152:A+CNRa23/nk7xi03zDWi26fs2cWDAbcl7jkv4+9Ry4kjCzSC:bIRa23/k7T0uDhEv4n4Mm

Score
10/10
chinese_generic_botnetbotnet

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet payload 1 IoCs
    botnet
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59fcc0c5a123dc0a67d61c57164ba5ea344a10101ad7bd6d3c3404c7e55f06c8.exe
    "C:\Users\Admin\AppData\Local\Temp\59fcc0c5a123dc0a67d61c57164ba5ea344a10101ad7bd6d3c3404c7e55f06c8.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Windows\SysWOW64\sxteam.exe
      C:\Windows\System32\sxteam.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      PID:2896
    • C:\Users\Admin\AppData\Local\Temp\µÇ½.exe
      C:\Users\Admin\AppData\Local\Temp\怫.exe
      2⤵
      • Executes dropped EXE
      PID:2660
  • C:\Program Files (x86)\Nnvnnrv.exe
    "C:\Program Files (x86)\Nnvnnrv.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Program Files (x86)\Nnvnnrv.exe
      "C:\Program Files (x86)\Nnvnnrv.exe" Win7
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2820

Network

    No results found
  • 103.193.189.29:8000
    sxteam.exe
    152 B
     3
  • 103.193.189.29:8000
    sxteam.exe
    152 B
     3
  • 103.193.189.29:8000
    sxteam.exe
    152 B
     3
  • 103.193.189.29:8000
    sxteam.exe
    152 B
     3
  • 103.193.189.29:8000
    sxteam.exe
    152 B
     3
  • 103.193.189.29:8000
    sxteam.exe
    152 B
     3
  • 103.193.189.29:8000
    sxteam.exe
    152 B
     3
No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Nnvnnrv.exe
    Filesize

    2.1MB

    MD5

    7145a479fd90ca34fb166928daf80091

    SHA1

    ee6f1081860d8d26ff060bca25503071a30d87f1

    SHA256

    3da7ef3f23871e45306e783acc593b4171aed03158322c86a8adddc7d4ff9952

    SHA512

    1617d74b630437470c264c348bf6c765eb1b8ed9f1102cc404df3b172cc17338d6ecd4045327bebe91cbafba180cdf4275f7d514cdaaa7c98226a9fb2d5ed2ba

    Download Submit

  • C:\Program Files (x86)\Nnvnnrv.exe
    Filesize

    2.1MB

    MD5

    25fd62d0cfb614c0d6298f242a87c437

    SHA1

    36686a8e2a272d39337874fe20cbd61afb8493fd

    SHA256

    4b9b174b6d305189029f41bb68909e62d9befc5c06d3aa70a38dc46f67269510

    SHA512

    c579ebb91434d519b367876c1a4a0e39efe049883e22b502999b64554c0cd253f14069209f2d7d218b9bf43f2e05de27c39442d619d83eaa8ee7ffd2c2d6a25a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\µÇ½.exe
    Filesize

    8KB

    MD5

    8c62db072c6ce1d4776bee7954d45e98

    SHA1

    1e328f615baa9f79d20cf3e2f242cfd46462f2ce

    SHA256

    fd4dc8e58d8e97dd54ea0fd76b6aa25aa5afd3a859467dca3b9123ad10a4d331

    SHA512

    fc67482599fb9b11c5e4fda9005b8cd903da64ce7f4022a8f297b7c3ac553705f78d9d21fd0237a7ab052036c47927935dc85ee17bb4ca287d50b5f911a43a19

    Download Submit

  • \Windows\SysWOW64\sxteam.exe
    Filesize

    3.3MB

    MD5

    19d204376965daa8293b8dad0544e792

    SHA1

    9d57f94c7c59e462bc281b0d0321ea5049a4d4b5

    SHA256

    d20854dd8c10f5957f51e70c07b8129d05c5c56c9cc3796b815087ef123d9eb3

    SHA512

    80783d97681e17f506f4f38495b34e2450144c504232cf2c65c5e3f670f2518357c6e238634ae32290f9bc3eff07edc8445253e49a179f5c869d9572e163f2c7

    Download Submit

  • memory/2660-27-0x0000000000220000-0x0000000000260000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2660-28-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2660-40-0x0000000000220000-0x0000000000260000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2756-26-0x0000000000230000-0x000000000023A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2756-24-0x0000000000230000-0x000000000023A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2896-8-0x0000000010000000-0x000000001001F000-memory.dmp

    Filesize

    124KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.