Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

421571a827...ff.exe

windows7-x64

7

421571a827...ff.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    155s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    421571a82751303c008217eec5daa5ff.exe

  • Size

    42KB

  • MD5

    421571a82751303c008217eec5daa5ff

  • SHA1

    321d04e67fb1504fa1e0f5f0681c365619a254a6

  • SHA256

    b7a6e9a300bb947deaf77f30f12ab165ec5d733de9b3622d95ba48bd48e0e105

  • SHA512

    d04f1ae37c33152169ab8698abb892aee4f938369cdd198c832fde70f084a78f9dbc7d8550916d1739b3f97ae2fbb91e056e6a7ba6c14abb7fa8260e86edc954

  • SSDEEP

    768:DdEHZmCAS1PdYQ9VQz7dq5QfDvYX8kxpcIRwPnNqjm6HyDNoSvY:DdQZmYPd1C7dKzski1qj+oSw

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\421571a82751303c008217eec5daa5ff.exe
    "C:\Users\Admin\AppData\Local\Temp\421571a82751303c008217eec5daa5ff.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Windows\Fonts\svchost.exe
      C:\Windows\Fonts\svchost.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:848
    • C:\Windows\Fonts\sys
      C:\Windows\Fonts\sys
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer start page
      • Suspicious use of WriteProcessMemory
      PID:4900
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c del C:\Windows\Fonts\sys
        3⤵
          PID:3496
      • C:\Windows\Fonts\cmvd
        C:\Windows\Fonts\cmvd
        2⤵
        • Drops file in Drivers directory
        • Executes dropped EXE
        PID:4740
      • C:\Windows\SysWOW64\svchost.exe
        svchost.exe
        2⤵
        • Loads dropped DLL
        PID:4380
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c c:\DEL.bat
        2⤵
          PID:4880

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\Fonts\cmvd
        Filesize

        13KB

        MD5

        1f616ee8ce5a85839e609d0a4274e681

        SHA1

        203f7f81ccfde4e73f3a952c489bb30fe6303292

        SHA256

        88d8b025747350a8316d86890685c47fe09aa83b30a2820fa3933bf809924cdf

        SHA512

        fb4d7efd270881e6ea683bd23dfb99017f7a333b937375595ed3d0bfe0aec7abe863188b4649fed69c797a30d68ec6a21d06d8c5b0ad39b767e7d7879ffaa20c

        Download Submit

      • C:\Windows\Fonts\svchost.exe
        Filesize

        8KB

        MD5

        88fc5792eadf0663f2b47ba2eb97a98e

        SHA1

        523c6c837ee16bdbf719bd610b27eef494e08a56

        SHA256

        a9c2cdb7e6e08199202f0f9f7ee6259e30de9496f5db1acd25ad45145ec915b1

        SHA512

        a11f3823b32df6c301c2e8445a71cd2a9e5adfd2404dea3fbd662737522acd42596d9911e25578855a10437f3ba31cef72180aa82924d770b915e4e6f1d7d8b3

        Download Submit

      • C:\Windows\Fonts\sys
        Filesize

        1KB

        MD5

        bfc129b8f581799d9599acb0ed96837a

        SHA1

        686cd7cda5b150e39280f50fb4182005cf4f17be

        SHA256

        54fab61096be4c60a67e21bb4f731c788f00b27476a08c19946095602277de80

        SHA512

        58ee343ae4eb7c8713ad46b34b5474eddc557794ecd77688a35bdf7eefa899f9f43b4a9820fba2785eb004e19a34e771cedadbe42ec5fc61fbbeef6102680dc3

        Download Submit

      • C:\Windows\SysWOW64\dstkstxut.dll
        Filesize

        13KB

        MD5

        d2401fa3f731bd9e4f2360ead7f234ee

        SHA1

        1dc0031143478275ae96c6b7e6d9fd1fb6162541

        SHA256

        ce044688fadaab1de8559e60fa9c78eaf4b5270fd50069dfb8e1c64e785df75b

        SHA512

        e0a78ea3df016fafe4d361d9459a1d70a2b144a77482606a5b72dfe4cf08f54078e04a62175be184ba7940658ad410b7ac22f460ff9430368c54e3ecd7b66259

        Download Submit

      • \??\c:\DEL.bat
        Filesize

        182B

        MD5

        cbde77e6c842b3ea1d79da033906074e

        SHA1

        896bb0e34b392e20a27af56f90abbcc64b5796d4

        SHA256

        019abcad8d5a9d29a0d490c2f4ec013539976fa651e79e904d859ba804d22e6c

        SHA512

        a92d8bd7c8e1d2f1d9a631ff72f082d9ac32af73521e9bed9b354a0c1ebb338a0659e1a415cb39635fbea8e919a59858a34947ab1ae400a6db8e47a223a1448d

        Download Submit

      • memory/848-4-0x0000000000400000-0x0000000000409000-memory.dmp

        Filesize

        36KB

        Download

      • memory/848-6-0x0000000000540000-0x0000000000541000-memory.dmp

        Filesize

        4KB

        Download

      • memory/848-8-0x0000000000400000-0x0000000000409000-memory.dmp

        Filesize

        36KB

        Download

      • memory/4380-22-0x0000000000400000-0x000000000042D000-memory.dmp

        Filesize

        180KB

        Download

      • memory/4380-23-0x0000000000300000-0x0000000000310000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4380-25-0x0000000000300000-0x0000000000310000-memory.dmp

        Filesize

        64KB

        Download