Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    0s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
  • submitted
    05/01/2024, 13:19

General

  • Target

    43c890dd552a388b19fa9878f6f40600.exe

  • Size

    123KB

  • MD5

    43c890dd552a388b19fa9878f6f40600

  • SHA1

    7c9eedaa64c1de8b80767c0146dcdcfd85706203

  • SHA256

    39a867c9577b630dba0faeacecefab805c5f0900c4bfd948c09b2abeca337b37

  • SHA512

    905cc8a8170d3ee6b0b12c178c0cb34888962eb8fc1f03d8c83d520d4b264273dd92716ab8802c84617aac31355a0b329c58e2a16ecd10893c3a845e6b5ca93c

  • SSDEEP

    3072:OeSQ41MZrrOwzrq5Ss9eYfphfFQkUcot3EpeBWLLUnz0:OVYrJrOSsRwcpCI

Score
8/10
upx

Malware Config

Signatures

  • Manipulates Digital Signatures 1 TTPs 2 IoCs

    Attackers can modify the Authenticode and Cryptography registry keys (for example by importing a certificate into a trusted store, or by relaxing the WinTrust policy values) so that their binary is treated as validly signed.

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 10 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 4 IoCs
  • Runs regedit.exe 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
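The "Manipulates Digital Signatures" signature is raised here because regedit.exe is run with /s (silent import) against C:\Windows\tmlpcert2007. The report does not show that file's contents, so the following is an added example, not Triage output: a small .reg parser that flags writes under the certificate-store and WinTrust policy keys, and a decoder for the CERT_SYSTEM_STORE "Blob" value format (DWORD property id, DWORD reserved, DWORD length, data; property 32 holds the DER certificate). The sample .reg text and its 4-byte "certificate" are constructed for the example and are not the real tmlpcert2007.

```python
"""Flag certificate-store and Authenticode-policy writes in a Windows .reg file.

Added example: the .reg sample below is constructed for this example; it is
NOT the contents of C:\\Windows\\tmlpcert2007 from the report.
"""
import hashlib
import re
import struct
from dataclasses import dataclass

# Key paths a regedit /s import can use to make an untrusted binary look trusted:
# the root / CA / publisher stores, CNG/CAPI configuration, and the WinTrust
# policy key whose "State" value controls how strict Authenticode checking is.
TRUST_STORE_PATTERNS = [
    r"\\SystemCertificates\\(ROOT|AuthRoot|CA|TrustedPublisher|TrustedPeople)\\Certificates\\",
    r"\\Microsoft\\Cryptography\\",
    r"\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\",
]

CERT_CERT_PROP_ID = 32  # store Blob property that carries the DER certificate


def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} for a .reg file.
    Hex values that continue over several lines end each line with a backslash."""
    keys, current, pending = {}, None, None
    for line in text.splitlines():
        if pending is not None:                      # continuation of a hex: value
            name, data = pending
            cont = line.strip()
            if cont.endswith("\\"):
                pending = (name, data + cont[:-1].strip())
            else:
                keys[current][name] = data + cont
                pending = None
            continue
        s = line.strip()
        if not s or s.startswith(";") or s.startswith("Windows Registry Editor") or s == "REGEDIT4":
            continue
        if s.startswith("[") and s.endswith("]"):   # [-KEY] deletes; still recorded
            current = s[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$', s)
        if m and current is not None:
            name = "@" if m.group(2) else m.group(1)
            data = m.group(3).strip()
            if data.endswith("\\"):
                pending = (name, data[:-1].strip())
            else:
                keys[current][name] = data
    return keys


def decode_blob(data):
    """Split a CERT_SYSTEM_STORE 'Blob' value into {property_id: bytes}."""
    if not data.lower().startswith("hex:"):
        raise ValueError("expected a hex: value")
    raw = bytes(int(b, 16) for b in data[4:].split(",") if b.strip())
    props, off = {}, 0
    while off + 12 <= len(raw):
        propid, _reserved, length = struct.unpack_from("<III", raw, off)
        off += 12
        props[propid] = raw[off:off + length]
        off += length
    return props


@dataclass
class Finding:
    key: str
    pattern: str
    values: dict


def find_trust_store_writes(text):
    findings = []
    for key, values in parse_reg(text).items():
        for pat in TRUST_STORE_PATTERNS:
            if re.search(pat, key, re.IGNORECASE):
                findings.append(Finding(key, pat, values))
                break
    return findings


def check_root_import(finding):
    """Windows names a Certificates\\<thumbprint> key after the SHA-1 of the
    certificate inside its Blob. Compare the two; a mismatch means a hand-built
    entry (true of the constructed sample, whose 'certificate' is 4 bytes)."""
    m = re.search(r"\\([0-9A-Fa-f]{40})$", finding.key)
    blob = finding.values.get("Blob")
    if not m or blob is None:
        return None
    der = decode_blob(blob).get(CERT_CERT_PROP_ID, b"")
    actual = hashlib.sha1(der).hexdigest().upper()
    return {"key_thumbprint": m.group(1).upper(), "blob_thumbprint": actual,
            "match": actual == m.group(1).upper(), "der_len": len(der)}


# Constructed sample: one root-store certificate entry, one WinTrust policy
# change, and one unrelated Run key that must not be flagged.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; constructed sample for this example, not the real tmlpcert2007
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0123456789ABCDEF0123456789ABCDEF01234567]
"Blob"=hex:20,00,00,00,01,00,00,00,04,00,00,00,\
  30,82,01,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing]
"State"=dword:00023e00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Windows\\iaccess32.exe"
"""

if __name__ == "__main__":
    for f in find_trust_store_writes(SAMPLE_REG):
        print(f.key, sorted(f.values))
        print("   ", check_root_import(f))
```

Run it against the real import file by replacing SAMPLE_REG with the file's text (regedit accepts any extension, which is why a .reg-less name like tmlpcert2007 is no obstacle). Only the ROOT entry gets a thumbprint check; the WinTrust finding returns None there because it carries no Blob.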

Processes

  • C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s C:\Windows\tmlpcert2007
    1⤵
    • Manipulates Digital Signatures
    • Runs regedit.exe
    PID:2872
  • C:\Windows\SysWOW64\regsvr32.exe
    regsvr32.exe /s "C:\Windows\system32\egaccess4_1071.dll"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    PID:2276
  • C:\Windows\iaccess32.exe
    C:\Windows\iaccess32.exe
    1⤵
    • Manipulates Digital Signatures
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1444
  • C:\Users\Admin\AppData\Local\Temp\43c890dd552a388b19fa9878f6f40600.exe
    "C:\Users\Admin\AppData\Local\Temp\43c890dd552a388b19fa9878f6f40600.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2948
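The process list above is the detectable core of this sample: the submitted file drops iaccess32.exe into C:\Windows, that process drops a DLL and a registry file, and then regsvr32.exe /s registers the DLL while regedit.exe /s imports the file. As an added example (not Triage's detection logic), here is a correlation of file-create and process-create events that raises those three alerts. The events are constructed Sysmon-style records built from the command lines and file paths on this page; which PID wrote each file follows the per-process "Drops file in ..." attributions, since the page shows no parent/child links. Two path-handling details matter and are handled: the `\??\` NT prefix on one of the listed paths, and WOW64 file-system redirection, under which the 32-bit regsvr32.exe's reference to System32 resolves to the SysWOW64 copy that was actually dropped.

```python
"""Correlate dropped files with regedit /s, regsvr32 /s and dropped-EXE execution.

Added example, not tooling from the report. EVENTS are constructed Sysmon-style
records (ProcessCreate = event 1, FileCreate = event 11) built from the page.
"""
import re
from dataclasses import dataclass


@dataclass
class Alert:
    pid: int
    rule: str
    path: str


def tokenize(cmd):
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def is_wow64(image):
    return "\\syswow64\\" in image.lower()


def norm(path, wow64=False):
    """Canonical form for comparing paths from different event sources: strip
    quotes and the NT \\??\\ prefix, lowercase, and apply WOW64 redirection
    (a 32-bit process naming System32 really touches SysWOW64)."""
    p = path.strip('"').lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if wow64:
        p = p.replace("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
    return p


def analyze(events):
    dropped = {}    # normalized path -> pid that wrote it
    alerts = []
    for ev in events:
        if ev["type"] == "FileCreate":
            dropped[norm(ev["target"])] = ev["pid"]
            continue
        pid, image = ev["pid"], ev["image"]
        argv = tokenize(ev["cmd"])
        exe = image.rsplit("\\", 1)[-1].lower()
        wow64 = is_wow64(image)
        flags = {a.lower() for a in argv[1:] if a.startswith("/")}
        args = [a for a in argv[1:] if not a.startswith("/")]

        if norm(image) in dropped:
            alerts.append(Alert(pid, "executes dropped EXE", image))

        if exe == "regedit.exe" and "/s" in flags and args:
            target = args[-1]
            reasons = ["silent registry import"]
            if norm(target) in dropped:
                reasons.append("imports a dropped file")
            if not target.lower().endswith(".reg"):
                reasons.append("import file lacks .reg extension")
            alerts.append(Alert(pid, "; ".join(reasons), target))

        if exe == "regsvr32.exe" and args:
            dll = args[-1]
            if norm(dll, wow64) in dropped:
                rule = "registers dropped DLL" + ("; silent (/s)" if "/s" in flags else "")
                alerts.append(Alert(pid, rule, dll))
    return alerts


# Constructed from the page's Processes and Downloads sections.
EVENTS = [
    {"type": "ProcessCreate", "pid": 2948,
     "image": r"C:\Users\Admin\AppData\Local\Temp\43c890dd552a388b19fa9878f6f40600.exe",
     "cmd": r'"C:\Users\Admin\AppData\Local\Temp\43c890dd552a388b19fa9878f6f40600.exe"'},
    {"type": "FileCreate", "pid": 2948, "target": r"\??\c:\windows\iaccess32.exe"},
    {"type": "ProcessCreate", "pid": 1444, "image": r"C:\Windows\iaccess32.exe",
     "cmd": r"C:\Windows\iaccess32.exe"},
    {"type": "FileCreate", "pid": 1444, "target": r"C:\Windows\SysWOW64\egaccess4_1071.dll"},
    {"type": "FileCreate", "pid": 1444, "target": r"C:\Windows\tmlpcert2007"},
    {"type": "ProcessCreate", "pid": 2276, "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmd": r'regsvr32.exe /s "C:\Windows\system32\egaccess4_1071.dll"'},
    {"type": "ProcessCreate", "pid": 2872, "image": r"C:\Windows\SysWOW64\regedit.exe",
     "cmd": r'"C:\Windows\System32\regedit.exe" /s C:\Windows\tmlpcert2007'},
]

if __name__ == "__main__":
    for a in analyze(EVENTS):
        print(f"PID {a.pid}: {a.rule} -> {a.path}")
```

Without the WOW64 normalisation the regsvr32 alert is lost, because the dropped path (SysWOW64) and the command-line path (system32) never compare equal; that is the most common reason this correlation silently fails on 32-bit malware running on 64-bit Windows.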

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files (x86)\Instant Access\Multi\20100713110702\dialerexe.ini

    Filesize

    587B

    MD5

    6b0793b050af5e5cd85f722faa56842a

    SHA1

    0ec6597581b8526f97e40fd33a64bedd7598377c

    SHA256

    e7c2d2ab0c3963dfe758d1ab748e9dd9d5ed2369492fa41c9863bbcd9ec14518

    SHA512

    24a3af5439750712ea591b51fc548a1efb925c8b5cc76efefb07702e7fb625628825851c541b788e356ab6e99502ba9db66e5f67e13d3eadea10d1c16f43df8c

  • C:\Users\Public\Desktop\NOCREDITCARD.lnk

    Filesize

    2KB

    MD5

    418148b3214b65c31d222ef89035afbb

    SHA1

    f046dbb31858177b9c19ceae90e07f5a31971379

    SHA256

    3afc0736b2c4924ca22b8097f8af32fca88c199a5adae40b20d92928b076bdc3

    SHA512

    6ead79bdad26a11b0183de4d6f480130fd9b08b50610c06f3e01a20290c070e8c581e0b08c6ee9562d3de8e8176c8c717c4115d70d2644b2f29b32d905c9f258

  • C:\Windows\SysWOW64\egaccess4_1071.dll

    Filesize

    18KB

    MD5

    6f6537f3f271ea9e9c68fd48e13a4c8e

    SHA1

    35b1505fb65f670bc3dd9791ba122dd5991e088f

    SHA256

    356185c84104e97fdc5838d2659895a7420b22dc6ecd39187f0b4fc59a706be1

    SHA512

    bdf49ed6b67fa24cbf952fcae6374b4de7e09b8c3115812f457a426e9c1094c0fcf32da030fd5cd25ae9e3db4d367b6c5f5f94b360090a7fd342387cf1beea66

  • C:\Windows\iaccess32.exe

    Filesize

    13KB

    MD5

    edfaab0c1f36aa609d61a73bb5f7be3c

    SHA1

    a8d8503a01bc73b99c7f57f298e0c6532408b0b8

    SHA256

    ed2d39c6e29175b23ece03899cd912da7483cbc9a9031673113b71b88b7e22f3

    SHA512

    4980778e03f79f521dfa7232d139d1db2762d9c67b482b8cbac0be28f6e819dbe392fa676fd5220108c45e4d2e9c6e02f2f5780975e5f419320e9b27e664d0f1

  • C:\Windows\iaccess32.exe

    Filesize

    58KB

    MD5

    bfe2cad99f6417f9e726d028d63a3c0f

    SHA1

    248fa9e7fe2ce770aa75862415abbdfda8f2ac6b

    SHA256

    04508fd71d93c4c14ff0dd477c4c71bb9fe3cbf8788b059440e73d2311ed28df

    SHA512

    d716b9e669bdf13009002f3fdd902a315363a20fde35df9adece412caf77261fb095c2df3ffcead3f59278f2b25c1e94fc5868967ddf78908260329cbe4750f7

  • C:\Windows\tmlpcert2007

    Filesize

    5KB

    MD5

    8d097b317d6e4aacd0ea9addca5ef291

    SHA1

    c161ba6fd9ec5eba1924ffa25141783ecadf53a9

    SHA256

    99bf870eb0e5a1f7bd68bcc2d046f3810f81bb82217247756ecd27fd006c8794

    SHA512

    27b5e20371768c8f46a3ceb860bcfd91953db318ec77be208edb21d65390de2adac680f7242733a908d33a88b7f49d6e6179e7e844562b0829e512b6400d95fe

  • \??\c:\windows\iaccess32.exe

    Filesize

    29KB

    MD5

    4c7b3b30ba4e7f00fb57eb8bfe07e6dc

    SHA1

    0847cee00b3e2a9a915468bba86860573d0eb5d4

    SHA256

    e5fb0524fa6b31ec2714c6bb8a57abe260d29afce0578ca46a05b24b7ee38d3f

    SHA512

    242a96a895b7874ef1b33d16ef6e538f7cb6fe647797d4c05c464d0f3376503ef003aaa0d85a78fcf6266ac1032e2ba2c56b501edcc3ce68a417c3a140cd93f0

  • \Program Files (x86)\Instant Access\Multi\20100713110702\instant access.exe

    Filesize

    1KB

    MD5

    6040b1dd431aefe5a915b1401f6b44e8

    SHA1

    72140d40d5162b23bc6eb38c0a965ec1479d8d7a

    SHA256

    559c864cc707fcce923d32975464ff9a53cfae447c6a5d30d0b5de1315cfb697

    SHA512

    104473c0297e7b555deb85486604b05682e90356bd39c56c69beb6d1dc0312098bc48ea55c9ac87f16a79d81d267be5348d1fb9bb69b09c0413b90ad7f0dfdb9

  • \Program Files (x86)\Instant Access\Multi\20100713110702\instant access.exe

    Filesize

    12KB

    MD5

    e4906f60b4fbc103ea326e6acdde6e9c

    SHA1

    f662e7a1f9515e9d3cdf15ead33369da61d133f2

    SHA256

    846a4e75dd685e518c086885cc0c6b6a66d4480349b7a9e83a64c01d30c5a690

    SHA512

    db9932256d71149ab40412f8f9a408a63c29a2eab4d29401fc302e3455467d79b75c46d547246b146dbfe7677c64c1238d6e8cc0291265dc076cf7c2e80f0f96

  • \Windows\SysWOW64\egaccess4_1071.dll

    Filesize

    32KB

    MD5

    55d36db08c888cd8207d3f3d56ab9462

    SHA1

    f3eddbca7b45b3d8b7fe4925cc219b46620cb66d

    SHA256

    9453fcbadf6f0c45822f1965734c91b54256d8841f9924845c71770a3c637370

    SHA512

    d742c9dec2e05d64da90220b779fc9781f610e12b10d94db45243611bd4f945095aca7a85a52dceeefa681c294a2657a7564e7b60715e09d02d33a8bc9f5c8ff

  • memory/1444-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/1444-56-0x00000000020F0000-0x0000000002100000-memory.dmp

    Filesize

    64KB

  • memory/1444-57-0x00000000020F0000-0x0000000002100000-memory.dmp

    Filesize

    64KB

  • memory/1444-86-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/1444-88-0x00000000020F0000-0x0000000002100000-memory.dmp

    Filesize

    64KB

  • memory/2276-32-0x0000000010000000-0x0000000010047000-memory.dmp

    Filesize

    284KB

  • memory/2948-7-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

  • memory/2948-3-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

  • memory/2948-0-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB