Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

mal.zip

windows7-x64

7

Resubmissions

11/01/2024, 04:17

240111-ewj4tsfcf9 7

11/01/2024, 04:09

240111-eq4laafbg6 7

10/01/2024, 02:48

240110-darq4scdbn 7

10/01/2024, 02:33

240110-c2bcrscbfl 7

10/01/2024, 02:10

240110-cls8msdaf5 1

10/01/2024, 01:31

240110-bxfw1scec5 1

Analysis

  • max time kernel
    759s
  • max time network
    651s
  • platform
    windows7_x64
  • resource
    win7-20231215-es
  • resource tags

    arch:x64arch:x86image:win7-20231215-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    10/01/2024, 02:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mal.zip

  • Size

    4.5MB

  • MD5

    15a36183a2d2c4a43f7f203548fbcb04

  • SHA1

    3ce2a3904eeef714abec465b55a0c20f6e47b079

  • SHA256

    ebb825664642befb034e02fdac2c2ed618f2832e563f1380f8f02e738e477345

  • SHA512

    67325d485999e25cbe1c31162af5f3f081de3a22b15cd7b79470c20276a4fb299762835d94e7a4ffa4756b41df9eba7d692d84d455d7645e5e09386a09b18e4f

  • SSDEEP

    98304:pOA4lR+FGuh9N2fQdB9ySsivCYOxSeWs10MS9UVmpLhVGQvnUQqy5H+:pSR+FGugfQdB9vlvChWmdS9U2LHFZF+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\mal.zip
    1⤵
      PID:2468
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2276
      • C:\Windows\System32\msiexec.exe
        "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_mal.zip\DHGVD67JH-7DVCJ7HF-E7CLJHE7YH-E67FBHCH-7992643.msi"
        1⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2292
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Enumerates connected drives
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1096
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding E963C6514D275F918699A346009605A4
          2⤵
          • Loads dropped DLL
          • Blocklisted process makes network request
          • Suspicious use of SetWindowsHookEx
          PID:1380

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\Installer\MSIDA58.tmp
        Filesize

        184KB

        MD5

        93805af627130d7002e4934bcb5b8f8f

        SHA1

        822d788d28622057ac1d78638452c229124ace43

        SHA256

        3cdf679e98f82f66fb849f4f498964caf20af0c373d9acc8b08a43202c87637e

        SHA512

        d176c047ea8b3e7e83edae66d35621be57b1e1aaff69e076a037afeb91624d4661876de1070c4e75826e56c3ecff2db31f4b19db14f3b4178c1556ed0a76a6d4

        Download Submit

      • C:\Windows\Installer\MSIDB14.tmp
        Filesize

        167KB

        MD5

        da5959ef13aee0c3fc6e78805cde2174

        SHA1

        064be7ec933c37df6301c4c52c683f6f751e84c1

        SHA256

        dbbe033dc563ad2a81d5e18d995cb3a4935f3033f2712735c2a3c58123e7b2a2

        SHA512

        dc618bf01f7f6041b133a929ec949f1dd167267d891f80cadde47f9efc88e60743481cfbdfa4d7325b8fff1a9e000ec897d8cb226194d3a3aae5a3bcc985ddea

        Download Submit

      • C:\Windows\Installer\MSIDB92.tmp
        Filesize

        189KB

        MD5

        82c77f3cc2344fffbfcd6de6201f41fc

        SHA1

        e971462953bb1ece309cfde6e765244ff214786c

        SHA256

        b1dda5ac234ade98a7fa4387500ffc15b3cae71699cc5c4f6e997ad66b1ee3b0

        SHA512

        2208174245e2ad8ce7937558914f58ca052900d8a212c889ebbddde24e859af0a55ccb19496d2282708c859861f5aa5b6e9a1c52c4dffc931e42103510c099e0

        Download Submit

      • C:\Windows\Installer\MSIDB92.tmp
        Filesize

        223KB

        MD5

        65b40089526a9d74125b2ec019f1c06b

        SHA1

        95fa3b6b0700c06138551091475c7e50de0920e0

        SHA256

        f6f3a9be523d244b6282ab1f4ff415f945aa5bc58ce019f18c0cf32349cd9799

        SHA512

        0d4010c6a1135e8862a714d31c915486942627497b7a3066c1488317a756797e01f71c38899d138836af8e0769f9a6e9828d1765a0007fae3c20a26f44d163f1

        Download Submit

      • C:\Windows\Installer\MSIDC50.tmp
        Filesize

        45KB

        MD5

        1fb4586f49828adba9b0f0fe466d4520

        SHA1

        fa19b4de7b6da03a26d6fc85359dc73da20f0bfb

        SHA256

        293c8f129046da419f8b04251073905e9c21d269d1c3b91112265392ac34b14f

        SHA512

        13c8674c7acbd6667134c2e5187b77534fc19aaa463adb6091dc7afacc27fc63eccdb5735090066259f63434fb786a6fe1e161ed56c0490775821c4f7b751b3f

        Download Submit

      • \Windows\Installer\MSIDA58.tmp
        Filesize

        315KB

        MD5

        51cda5c59cc355b42a51cba82a214af4

        SHA1

        dfc6318c8cdfeb9479f0efd426d866586f6ad4b7

        SHA256

        9255ef3c4b553390f52f678c9a641fd10778f64f9f9452473a7cbe2fab4eb05a

        SHA512

        6194990bbed67de6053843b1abf22fcd51706d23713f774b1b4b05e9a616d7d180609249058d8bebc45e1d36728753086296807a04b69b1479b27190e8e8b91a

        Download Submit

      • \Windows\Installer\MSIDB14.tmp
        Filesize

        126KB

        MD5

        492303ef60d2dc2cbbd8ea08438233f9

        SHA1

        dde214f593e63a7e6228f19aa02cfad15594acd0

        SHA256

        574ff40dceb1491e5426ab85be189ff5e8cbf6e88d25c59ab59e18213e699347

        SHA512

        761c49f00ac14c6ff29e95ac6183f5b714b49847cdac3075b9f6d53f7e879f0c0f372af0bca8d4d83b9b81cb917cf2980ce25d0ab86f19430591298156843df0

        Download Submit

      • \Windows\Installer\MSIDB92.tmp
        Filesize

        56KB

        MD5

        6fd32f227b593c20c9a1b0ae946e69d9

        SHA1

        7d2bb9c5fcce4cb3c63fc74664a80e29d8e03722

        SHA256

        d259505d96fc38542333e3f9fb1aacf5fc8533fd8755a57167830277bc65d15a

        SHA512

        24341f9469882e7c4c2e395460cb84babeafc2cce81c4a7aa8aea79c89c3820e0c55440faefbd05cfb26b804efe6a8c3ed08e75bf1694520dcb6f693ac035d6f

        Download Submit

      • \Windows\Installer\MSIDC50.tmp
        Filesize

        198KB

        MD5

        fdef7ab18380fabf88eda1c50795ae86

        SHA1

        8ae79ead3eb162d15c67522d22c5cbb02d864629

        SHA256

        2094d4346b48bd9ac6dd78d9eaf2faf9a801ffd1d27e7ee9c342ff33fe05a11a

        SHA512

        96b6f2cbe580f79042e66bc10bce3b38fa6cb9294cc84ded299df1496fa5031857f8ccbf9a8c43f2d4985b0434b8eb2586a88051909b20830dbe10669fb20c1b

        Download Submit

      • memory/1380-21-0x0000000072620000-0x0000000073177000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/1380-22-0x0000000072620000-0x0000000073177000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/1380-24-0x0000000072620000-0x0000000073177000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/1380-25-0x0000000072620000-0x0000000073177000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/1380-26-0x0000000072620000-0x0000000073177000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/1380-28-0x0000000072620000-0x0000000073177000-memory.dmp

        Filesize

        11.3MB

        Download

      • memory/1380-29-0x0000000072620000-0x0000000073177000-memory.dmp

        Filesize

        11.3MB

        Download