Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

parentalco...up.exe

windows7-x64

7

parentalco...up.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 18:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    parentalcontrolsetup.exe

  • Size

    1.9MB

  • MD5

    7a62bce2d731b737ad61473d6f0815f8

  • SHA1

    e315a87a4e8145bd919eed8d633bdc8f8a1d5010

  • SHA256

    a4e0bc3a14238d5fd855a652492d3282edbe67241b9649ef1a649fea66694e75

  • SHA512

    6ac22bf005991d7cb307b4c021a27d7d4e5e4b293e2ad83701c8ed3007157cc959555980fbb529ef2274d0c41650672c63f48edc0de7d0c47c48e43b3e4dbcb0

  • SSDEEP

    49152:76dFTbyCiKE/RPcWSwW5fkA5sYcOWLI9KVjMoC2UalwVbv4e:edFT2CcpPcWSwW5fZsYcOS5ZC2DKVb1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\parentalcontrolsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\parentalcontrolsetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Users\Admin\AppData\Local\Temp\is-H9SN8.tmp\is-7DLMG.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-H9SN8.tmp\is-7DLMG.tmp" /SL4 $40026 "C:\Users\Admin\AppData\Local\Temp\parentalcontrolsetup.exe" 1719399 52224
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-H9SN8.tmp\is-7DLMG.tmp
    Filesize

    94KB

    MD5

    7f9a1d3c4a38d089af37e9d13f6654ea

    SHA1

    36ac80fb6a8db4b40ebbd87a1b9bc6534015802d

    SHA256

    7ea0a9dcf7db7120c0c782eb1a5a9647c0f7139f17fd80eec84f07645a9b991c

    SHA512

    682e8ccbd7cf777a175b592de3ff1a07159c9d40d9264ea17bb855a779613bfb93121ce77bc069bc3c12e140371e54d68c6797402f6a50eacbbfc5ae9d133ad6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-H9SN8.tmp\is-7DLMG.tmp
    Filesize

    384KB

    MD5

    60394256720eecdc14371e878f3c79d6

    SHA1

    7322e341805609e99d3c6a0d6caf3f973dde8453

    SHA256

    64a527a2d21ea6e0c35cbfd282073d4f13543feb93ca6ae6bf78aeae784e4dd9

    SHA512

    a589893a677528ced48ad6883cc3fb31b980130210d6c79c02caeb7077715ec4e92680239774bd677646dbdb9ee993cd3f5bd890c6346e0622653457dff19286

    Download Submit

  • memory/756-1-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/756-16-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2308-17-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB

    Download