Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5803ecc0e5...e3.exe

windows7-x64

7

5803ecc0e5...e3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13/01/2024, 04:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5803ecc0e58ceaaf7fae8fd93bda9fe3.exe

  • Size

    1000KB

  • MD5

    5803ecc0e58ceaaf7fae8fd93bda9fe3

  • SHA1

    573545a0ea1f8f1e295b52f2d2e640f91085f559

  • SHA256

    f203662a913d5098e3992adb1149ec6d51e0630ad9068c7aada05c24cfde2c53

  • SHA512

    f8362ccae6828eb668fde7e6c27c3da5c9aad0f380d867341096ff70e2e3c146f85aba7263c55e17bd4719bfd260ef8bc29025c41759c47a9e48298dd5bd5099

  • SSDEEP

    24576:p70nUTYCj9g7RJAxiJHDUxyRf5i1B+5vMiqt0gj2ed:pInUcCj9gtJ1jUgRf5oqOL

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5803ecc0e58ceaaf7fae8fd93bda9fe3.exe
    "C:\Users\Admin\AppData\Local\Temp\5803ecc0e58ceaaf7fae8fd93bda9fe3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\Users\Admin\AppData\Local\Temp\5803ecc0e58ceaaf7fae8fd93bda9fe3.exe
      C:\Users\Admin\AppData\Local\Temp\5803ecc0e58ceaaf7fae8fd93bda9fe3.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2436
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\5803ecc0e58ceaaf7fae8fd93bda9fe3.exe" /TN Google_Trk_Updater /F
        3⤵
        • Creates scheduled task(s)
        PID:2708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5803ecc0e58ceaaf7fae8fd93bda9fe3.exe
    Filesize

    346KB

    MD5

    49396cd8d2d84f538452fe488265f687

    SHA1

    f8257bb7894311494a618621717094687bcefe47

    SHA256

    ada4d56971e826c973ea787f07a545c73ae8ba7e228734353bf49a81a6bb2d80

    SHA512

    eed4d815a13afb09ce4a3ba23b93d7e03910f5728f247b468f6caca3efbf9988614207d4f7cc22c429ca2e5442d3a2a365c226df6aa3670791f861d2d72b757d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\5803ecc0e58ceaaf7fae8fd93bda9fe3.exe
    Filesize

    332KB

    MD5

    86c85413a32bec7ea3cfe57be2c4c70d

    SHA1

    a12031f06948fa6fd7fc01d398efbf665db002c3

    SHA256

    c565f487604a679c2b694bd4fb39e7f5826852f42620c91fe7c513aa8c6e6604

    SHA512

    e861abba1b7b7abc72e09731ba0e830b78b13fe9ddd8558edbc3c99f96a74b98e075ba40a4329158d45f54c85e68137f1d0abdb20d53a608367ccc55ee263974

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab452D.tmp
    Filesize

    1KB

    MD5

    1f1a3b101012e27df35286ed1cf74aa6

    SHA1

    46f36d1c9715589e45558bd53b721e8f7f52a888

    SHA256

    7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

    SHA512

    d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar455F.tmp
    Filesize

    25KB

    MD5

    1f3f91650c0eb966b2b429b47b40ff44

    SHA1

    8845001aec7c97d9fab31e1ba3a4da2747d5e9b7

    SHA256

    07568b29ab329e81f50c40f7332a28cffc168b7933f6536fb517b4e09aff266c

    SHA512

    54fe4c1591cde0390aaa3206cde39bb898c90443ed9c0aada8df38c7e40cebcb9fe78e0792b7cf3770f0a7dca56e1442d323f8ac94fa637281a1510ab8a29b3b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\5803ecc0e58ceaaf7fae8fd93bda9fe3.exe
    Filesize

    528KB

    MD5

    6222664e876b9c9bba94b234d9c3f15d

    SHA1

    3f591690ebb1e2bda587b1cd96a0181a3ff68aaf

    SHA256

    64d46cb954e30b5cc2351ad70e870939a0281b87c8b29c434f21091077e152ea

    SHA512

    69cab459c048b6f3dae1f70eccf77dc7516773377baca930279ed10ddabdc61ce967915db529ab0e6300bc8670f3d8cd66888d1972d28a249ab00c1abcaa359b

    Download Submit

  • memory/2436-16-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2436-21-0x0000000001490000-0x0000000001513000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2436-23-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2436-24-0x0000000002CA0000-0x0000000002D1E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2436-64-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2900-1-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2900-0-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2900-14-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2900-2-0x0000000000280000-0x0000000000303000-memory.dmp

    Filesize

    524KB

    Download