Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

5b1bb570b2...d0.exe

windows7-x64

8

5b1bb570b2...d0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    14/01/2024, 11:20 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b1bb570b22d6dbdaadf8d865e1be7d0.exe

  • Size

    95KB

  • MD5

    5b1bb570b22d6dbdaadf8d865e1be7d0

  • SHA1

    5be6ee5cd172ea94efa6ae49259354814d6f09c4

  • SHA256

    1174aa31c999a21faa49b765757c164b3d51a6e85cff1e9fdf184eb785ef1b32

  • SHA512

    bd63d6a5548b1239fed72c29965ddb84fd216c1be2f4fa2a85c088d335395930b1b7434520f0ca7537ad34400be24128372fdcacd46b0ffa5e7921fb36731f43

  • SSDEEP

    1536:HC6g2KL+bD/wWQQZ55z+N0uJ+nL1UWQS2P0Fz2wAJLHPW8kwpDqPSi1VAlaU9/E0:HCz2KmD/wWHcRIn5UzSJVAVPW6q7Alai

Score
8/10
discoverypersistenceupx

Malware Config

Signatures

  • Drops file in Drivers directory 4 IoCs
  • Sets service image path in registry 2 TTPs 2 IoCs
    persistence
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b1bb570b22d6dbdaadf8d865e1be7d0.exe
    "C:\Users\Admin\AppData\Local\Temp\5b1bb570b22d6dbdaadf8d865e1be7d0.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Drops file in System32 directory
    PID:2232

Network

  • flag-us
    DNS
    tmp.farfly.org
    5b1bb570b22d6dbdaadf8d865e1be7d0.exe
    Remote address:
    8.8.8.8:53
    Request
    tmp.farfly.org
    IN A
    Response
No results found
  • 8.8.8.8:53
    tmp.farfly.org
    dns
    5b1bb570b22d6dbdaadf8d865e1be7d0.exe
    60 B
     142 B
     1
    1

    DNS Request

    tmp.farfly.org

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2232-0-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2232-9-0x0000000000400000-0x0000000000434000-memory.dmp

    Filesize

    208KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.