Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

0cdc51b0ae...be.exe

windows7-x64

7

0cdc51b0ae...be.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    163s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0cdc51b0ae3ef491b1accd29f64167b498257de9a4d99e68a127caf06cbb4cbe.exe

  • Size

    536KB

  • MD5

    a831fd292adec253ceb03089ae56e1aa

  • SHA1

    1b13b93e1baa4be6813a2001ca75276891e07a48

  • SHA256

    0cdc51b0ae3ef491b1accd29f64167b498257de9a4d99e68a127caf06cbb4cbe

  • SHA512

    cecd1ed8872a384342b8fb88d0e456ef013ee0f8aa364c0ca82735626e638aa111c10bf4b138c0128f34eb71fb203f722a6327d12d1d06846ea11754e24b625f

  • SSDEEP

    12288:lhf0Bs9bDDq9huzJgIJzgXaEw9Stu/aB9a/Okx2LIa:ldQyDLzJTveuK0/Okx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    PID:3444
    • C:\Users\Admin\AppData\Local\Temp\0cdc51b0ae3ef491b1accd29f64167b498257de9a4d99e68a127caf06cbb4cbe.exe
      "C:\Users\Admin\AppData\Local\Temp\0cdc51b0ae3ef491b1accd29f64167b498257de9a4d99e68a127caf06cbb4cbe.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    1KB

    MD5

    7c32c9bf6649f6c80d4933af187cbac9

    SHA1

    964d4ad3410bf9a143eb15e86ca5738995de809c

    SHA256

    91ba921ae3bdae1096b112fe3e053ed0c074cdc982db647a3236d1ada5a81eb5

    SHA512

    e8daa557698181f11cdaa4d18edcd0c7b4a7d3b2b7950f90f5173831ce6bc1dc8de762cbeb238c5156cf173d77034c49fbbc184a0e9f2abfb83c67f9367ecd5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_3AF0FDC80EA858911339035786739FF3
    Filesize

    938B

    MD5

    1df463ff7596107c9f8d9d640d50c58a

    SHA1

    3f30f19bdb20d064c12b933325ce1c03b775f4a2

    SHA256

    c1edf2279c8f750b92cfacafa86c5639a231b3648c15d270b0cdf3f983bfc0d0

    SHA512

    9c5e7a1c3e6d3acadc1be21620dc12d48d19260121e6551425265d8bf7bf7d08691a8c62ccedfea3e0ef67aca7cec3c1bd39cfb05b05d1705a46634bcd38f4cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    502B

    MD5

    8751d6738fe1db3331a6addb93ebffd4

    SHA1

    69aac176c9eea05abcf1b5bb4c0e629ce111d37a

    SHA256

    6e539f45c77d75a101f2f35d90554a1aac944e7f6c95702588df900942c3fd0d

    SHA512

    202539d73c1ee8c61f02ea9b0a074cd7bdf8d0f64338795e303eb8e6f762870bdd7b84486b2d7d91d11ccbd86e62fce8a5bb5807c3c3bcea2f5ab9baedd747f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_3AF0FDC80EA858911339035786739FF3
    Filesize

    520B

    MD5

    93e3d5c825d97cfc2adec7ef85dfe18d

    SHA1

    ff3dc7985b18cea0e5ae13ea32a72a4215f7120b

    SHA256

    5dd6d8a017c5068c19e4efff6a79e6c08f3a1a315dce9446269e0af3559766fd

    SHA512

    8e5b886209055eec5fd1be04151035a82286a8c3d9e7ea99d2f0ad7c403d7d09bab3b604e3ae62e200bde89a0646282e43f693ad2c79775b54574b64df6736b4

    Download Submit

  • memory/1076-20-0x0000000000320000-0x0000000000422000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1076-15-0x0000000000320000-0x0000000000422000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1076-0-0x0000000000320000-0x0000000000422000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1076-3-0x0000000000320000-0x0000000000422000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1076-29-0x0000000000320000-0x0000000000422000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1076-33-0x0000000000320000-0x0000000000422000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1076-43-0x0000000000320000-0x0000000000422000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3444-8-0x00000000089A0000-0x0000000008A19000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3444-17-0x00000000089A0000-0x0000000008A19000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3444-5-0x00000000089A0000-0x0000000008A19000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3444-6-0x0000000003090000-0x0000000003093000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3444-4-0x0000000003090000-0x0000000003093000-memory.dmp

    Filesize

    12KB

    Download