Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

a051d0824c...22.exe

windows7-x64

7

a051d0824c...22.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 16:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a051d0824ce65b37ac89218b5fcc82c345593d783c4f5f0a5721f757caa4e322.exe

  • Size

    536KB

  • MD5

    1fa29c7731c5ef66e62e8dc8289885b9

  • SHA1

    aba6fce50892b02ca0201a86107b66a3c43c045b

  • SHA256

    a051d0824ce65b37ac89218b5fcc82c345593d783c4f5f0a5721f757caa4e322

  • SHA512

    4c695befe3dadc40466369293ff5da0279c18a034754cac8dc776f75dfa3e91f6b17f3cc313c8bcf651c30eb317b10948bf46fca9a12e6c8223e9dfa2e66d762

  • SSDEEP

    12288:Bhf0Bs9bDDq9hu53Ltp/p+gPhhwPOaoTJRkmOkx2LIa:BdQyDL9xp/BGA1RkmOkx2LF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 4 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3436
    • C:\Users\Admin\AppData\Local\Temp\a051d0824ce65b37ac89218b5fcc82c345593d783c4f5f0a5721f757caa4e322.exe
      "C:\Users\Admin\AppData\Local\Temp\a051d0824ce65b37ac89218b5fcc82c345593d783c4f5f0a5721f757caa4e322.exe"
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    1KB

    MD5

    fe0989527e872193f99d76162e262fa3

    SHA1

    2ddf716039dcb3f1bd0bea878c960d57774069c6

    SHA256

    268bd4cbb321bb25644c810734abe373e724c3d5d374a19f490483d9b285c482

    SHA512

    208c22dafaef8d1ff6f6532c66c378a731ef0d26c0d4480723ce289d4ed5678acf61776e090c2438e426416e3f12ff44784d992e0f18907a35b6ac92f8be9fc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_3AF0FDC80EA858911339035786739FF3
    Filesize

    939B

    MD5

    eb476edd1aa38b5085cb8474812f7e25

    SHA1

    fa8cbb19cbba2dca302bf86ffa9b904aea1a52cf

    SHA256

    e60f60372165bb970bb69a83524a107c2a2dcc2c45f65cc1aff3a436dabf9590

    SHA512

    10172aa9b52ab2eb421ab3d5e21dca0f15b4341793af4b549185d545a08c6cfdd868ac56ee63af1259dba6443c73ace431f6c329eaf0c7e3dbfe0dd2dfd1071a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
    Filesize

    502B

    MD5

    b2085d6eb680e744f0fcff428ec55736

    SHA1

    360492029c1f39d1f25b39fec605a3c4e5892b2f

    SHA256

    388e2114ab0ef193f4346fc6848aab576943cb455b35a5df9c8121093ad72c1b

    SHA512

    25fbdf0c21ec0822fac714b4fe54aea8fe5a554de2adb703f25dbf8b2b47d376403111c1824e40a30dd8cdf722aaaf04b97d649d871b9abc8bca9362798b5be3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_3AF0FDC80EA858911339035786739FF3
    Filesize

    520B

    MD5

    9a17a831fed86cd9d9f4795c3adc4e49

    SHA1

    d38c7310e636e76c3a071bdbdb83e05298ef807f

    SHA256

    27d1f48410239bc74edede695779ed0bb00cf171f58b244c8ce1a7976507be96

    SHA512

    8412a93184f22be56ccb23b4a26c84a4655e06a7708cd493483d691c5e8d9bf46f864201c4767dff282c9ba81fcb3b1b9481efb43374264e991632c3ac6369af

    Download Submit

  • C:\Windows\4bcf18
    Filesize

    4KB

    MD5

    5fa263ec933a0699400a3dbdc54b9bc1

    SHA1

    0397a2a4988dfef90bfeddff16c532005b355c57

    SHA256

    85e334d922908bbbc35841a8f72b7dd673c05eb1321890b1d217a911566dcf2b

    SHA512

    cb317c048b5e71d1281b87cfd743024fcdf61f0cf476b5ab64c79198e4e01656a9b7c81ca63edde4a9472f8ad795e33b15de74f1c79d2a986a9d390bdeadfa49

    Download Submit

  • memory/3436-6-0x0000000002930000-0x00000000029A9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3436-15-0x0000000002930000-0x00000000029A9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3436-5-0x0000000002080000-0x0000000002083000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3436-4-0x0000000002930000-0x00000000029A9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3436-3-0x0000000002080000-0x0000000002083000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4428-13-0x0000000000610000-0x0000000000712000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4428-0-0x0000000000610000-0x0000000000712000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4428-24-0x0000000000610000-0x0000000000712000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4428-25-0x0000000000610000-0x0000000000712000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4428-29-0x0000000000610000-0x0000000000712000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4428-41-0x0000000000610000-0x0000000000712000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4428-56-0x0000000000610000-0x0000000000712000-memory.dmp

    Filesize

    1.0MB

    Download