Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

55ecaee297...1b.exe

windows7-x64

7

55ecaee297...1b.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 08:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55ecaee29747f91f29820e9612d0aa1b.exe

  • Size

    130KB

  • MD5

    55ecaee29747f91f29820e9612d0aa1b

  • SHA1

    6ae1499821588a276ccbdc586bb217b5aba5ac35

  • SHA256

    35e51d7c7a8ea66b62f9ec54ee6aae342d275df50636d80b6925ea578cab1468

  • SHA512

    788097fb6115d1947f6ed90b71f6dbefc15b55d57bab910675bf82b9af6530553ac5c988445faab166b383d6afc1e7872c1ba31ab4186a476f198f1456a7d108

  • SSDEEP

    3072:T04/We+vRh6HWEz9UIXxWPKT9mlTQHgj/uFyJBTw06pJ:TH/Weoh6xUIXMPUUlTQOW4Dm

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 5 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55ecaee29747f91f29820e9612d0aa1b.exe
    "C:\Users\Admin\AppData\Local\Temp\55ecaee29747f91f29820e9612d0aa1b.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4360
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\run1.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:812
      • C:\Windows\SysWOW64\regedit.exe
        regedit /s C:\Users\Admin\AppData\Local\Temp\s1.reg
        3⤵
        • Modifies registry class
        • Runs .reg file with regedit
        PID:3320
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c erase /F "C:\Users\Admin\AppData\Local\Temp\55ecaee29747f91f29820e9612d0aa1b.exe"
      2⤵
        PID:1824

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\run1.bat
      Filesize

      118B

      MD5

      c9ca0afd6c6d4ba684394ab5ee38482c

      SHA1

      218342e5aa6ad25831f0f4991dd45cc822940206

      SHA256

      fb1820a50d3feaa20d5c43c92ce107c025d80549a0337b272df8c9f5ce89c25c

      SHA512

      3c8228a0cada2ef3a4c8fba626afd0bb5f518413243f0473842ae16a96a72e8b96229026413721c9472908945a6198ee6aa260f6c7516b984b3f7de6889a0495

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\s1.reg
      Filesize

      401B

      MD5

      5e32fb9a736a8c57fc91d686f47933a0

      SHA1

      af36957427a7941e76706171e5943fdf5e8345e6

      SHA256

      1691cac4fc9de53de098f525ff02f9a01cabbc952f00eed8c533f62190ef8ba4

      SHA512

      96e4734944bbee46e7b3b3ca5bb692482df6ce91fbf764828d1304d1133ee7e3dc6c63cb3d5bd4e7a59adbc9a23af438490db5827cfb0438a3aa8eaf91a2546e

      Download Submit

    • memory/4360-0-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/4360-1-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/4360-2-0x00000000001C0000-0x00000000001C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4360-8-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download