Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1fa5f289c2...54.exe

windows7-x64

10

1fa5f289c2...54.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 20:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1fa5f289c2dd624b4da157b67c4b3954.exe

  • Size

    15KB

  • MD5

    1fa5f289c2dd624b4da157b67c4b3954

  • SHA1

    1fe176203eced9cfd6a1f6b920b7ab54c8b804de

  • SHA256

    c0d3d9536f434075022bb09d0523b74aee433dec55d96103d93c1ba4498d2fed

  • SHA512

    900f0d8827957dc93f86875537ec5da8ef037a8df81e969f1bec6dc82aeee48027758e78fe74b1582c67b44fcc2886bd211bdd140ccf58a1843d68d515cc8322

  • SSDEEP

    384:WqPKe+qWpQsSV/PpHgbcWP7BswEb9vJEyT:WTUYQ/P0VPhe9F

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fa5f289c2dd624b4da157b67c4b3954.exe
    "C:\Users\Admin\AppData\Local\Temp\1fa5f289c2dd624b4da157b67c4b3954.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\9222.tmp.bat
      2⤵
      • Deletes itself
      PID:2944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9222.tmp.bat
    Filesize

    179B

    MD5

    393bdbd91735c4f179c5d4b621e21dcd

    SHA1

    65ef56551ac6b757d65fb29a2eb66eaa07723f79

    SHA256

    e63b9004f84eb91798db51d4a746cc670575a55adee20e5ab9e55a85cb295534

    SHA512

    ebfdc7e180b6f98a11bb8123fb3279670fc7f263e6f69f574d517c49a4e1ea76bacb0db0279de64dc345ea4f5c418bd85dbd8712838166d7dc8f8283f3c42c1c

    Download Submit

  • C:\Windows\SysWOW64\cmwlqxln.nls
    Filesize

    428B

    MD5

    de74ac117042d88ba41481a8d8762d58

    SHA1

    0b9bc83b2f4b4867dcda00ade4dd7b42ce8d884c

    SHA256

    3d7f2907e48ae8242207935f444d7d75cd0b15f2291112d35bb103612647872d

    SHA512

    973345e037cf46b5364ccd955927d07ec8666d5923ea6740406527a0170c72b5814598f81bab4d5434dfb36a3acf131ebeec65206b0b7c9bc320f285acc2a612

    Download Submit

  • C:\Windows\SysWOW64\cmwlqxln.tmp
    Filesize

    2.2MB

    MD5

    b9e718754dc41ee678ac3111c8ee34e8

    SHA1

    d4e2657a0398f3007785923bcae6615bb142151b

    SHA256

    9a9596c54b6a22830258ff88f64f20c16b18baf47a6ce099127f0063fe3075b8

    SHA512

    dd1dfb1eca1e39238cf97dd71234bb15666667497b5b5de28b2aee0f436e296b4d4f3ec6d27a1b94cb926a4f3c7c459074ba1a3f85448563039cc13cbb3bcb20

    Download Submit

  • memory/2080-16-0x0000000010000000-0x000000001006C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2080-25-0x0000000010000000-0x000000001006C000-memory.dmp

    Filesize

    432KB

    Download