Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

407f96162d...55.exe

windows7-x64

7

407f96162d...55.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    407f96162d507a23d71d0ee1dc42e055.exe

  • Size

    51KB

  • MD5

    407f96162d507a23d71d0ee1dc42e055

  • SHA1

    f16b9fe9f4a103eddf7de56d12d7bbcb52ecc236

  • SHA256

    ab1d4ae7528e91206a2b2374d5db83291df56b41be3d1f83eccb21b240f3a8bc

  • SHA512

    3886b0696a9c323218c87065ab7d7c5f62af83fa322b95ec047b272c5f50d9db19197ccd65466ab144aa95ddd2db92cc0740c327f48ce3c61bc2d583e432af00

  • SSDEEP

    768:qkZa1tZm83YNn0an2a9w8ud5Io8sXuUQR4r+L6tgU02OKAdRgMC:qkYap0an2a93udFurW+L6tgU0tDdWr

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\407f96162d507a23d71d0ee1dc42e055.exe
    "C:\Users\Admin\AppData\Local\Temp\407f96162d507a23d71d0ee1dc42e055.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\_check32.bat" "
      2⤵
      • Deletes itself
      PID:2064
  • C:\Windows\SysWOW64\aspimgr.exe
    C:\Windows\SysWOW64\aspimgr.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:2560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_check32.bat
    Filesize

    179B

    MD5

    cb2168f2241460ff2380d5177b48e9c3

    SHA1

    4f8f35100003c578160dd3acc48041a6dbcd7a6b

    SHA256

    45af310dce31243d2525752d7b422008881fa8cbbc70538b48cac0f5cd9eb24e

    SHA512

    af307a496b452d55212f06a91a4b9cc89e77f01caea603603221f318453eeaff48a07ca481625b9112b250e43c66ab4d0a595e9d3aca2948ff8f4b2a40d5a3ee

    Download Submit

  • C:\Windows\SysWOW64\aspimgr.exe
    Filesize

    84KB

    MD5

    bb470d9076b61f0b660e060dd756c918

    SHA1

    69e2e4ac5888aea0bc2cac617eca46398a59329e

    SHA256

    d82b23b25dc47aa2f0a0a48e5b7627d0626804e77dba005b3d5d0be430bade11

    SHA512

    bccaecc6746851ac9147c735f2b3d0818699b1ae665a1aa5c9fb2aa93f384f0bebc032fe5691f9e9f9a0ddb46e6e405910a3a171b6bf8e843612cb80d9d631a5

    Download Submit

  • C:\Windows\db32.txt
    Filesize

    100B

    MD5

    0ec43532ebb4cb128756cae16a6c8a1f

    SHA1

    c1003014cd2c0682e59f00fbb195e4926774c45a

    SHA256

    c7ef2d1f7b0b6339ed60881718c5f76cf1b44292ad6b6c7b7fe5cfb4658e7562

    SHA512

    c7d95cd687ad9a3a21057348a5da7f140cae9b29de90a494a6062297a6c7d9a82c6d6c2293e764552e004465cb4d80a4d8cd07915771efd3cf71de00e6aa9086

    Download Submit

  • C:\Windows\s32.txt
    Filesize

    129B

    MD5

    6e82b6ad2da0e27134d0fdd68683bad3

    SHA1

    973cdd2ed16b4821700aa4e7c6b6f50f44d8226a

    SHA256

    2b02bfda78caf445809c6fdf594610a0f2631abd48578ebed9eb4b30f7076eb5

    SHA512

    fb8a5306962307ed20c05b4c1eb959f2348928890d18ea3f237f145a22b73e32847ddcf3aaf5d5d1a7ed9734cebc53894bc91164b0b6a46d7c343cb1ab84d014

    Download Submit

  • C:\Windows\ws386.ini
    Filesize

    12B

    MD5

    8380fe76ec1fec63ada498b0fefac689

    SHA1

    61e4017ca864f2f076f039d9524ed13129957e2f

    SHA256

    5f7305a68d0aac54587f4ca0183056b30160ac1fbe7bfc7097415d65549c4453

    SHA512

    7ac4832e8f394790e0bf8b7094e12e1163693e946529271d162922f78549c03d687c2820298471c45a613858edc70b7cc9f1168850981d0b476c9155a0ffb5d5

    Download Submit

  • memory/2968-0-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2968-16-0x0000000000400000-0x0000000000423000-memory.dmp

    Filesize

    140KB

    Download