Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5c093f72d1...74.exe

windows7-x64

7

5c093f72d1...74.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    15/01/2024, 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c093f72d1ac9fa97d0d5289655e7d74.exe

  • Size

    46KB

  • MD5

    5c093f72d1ac9fa97d0d5289655e7d74

  • SHA1

    9b8fd11233416fe520cda2be289775850bbf3cd1

  • SHA256

    8aa82fd500e80cc53263f05b916ea7a4a0eb3ed5b54ce3ed98e02fff45d739f5

  • SHA512

    a7940f1505eef9e345f0f2d6a0eb3b96adabbb3955a65de55e1e10166aceef676991fe56aafad18fa459d2b706ba234e6692384400dbed47c27b863a217009b9

  • SSDEEP

    768:Y4rPIkz0ABBt5BeIPH/ceMdehVikgsGhbfk3p9g0MUnl+vb/ebWI17hhfCEX:mkzLz9/hMdyEkgsF3p9JMUnAT2a2hhfR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 19 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c093f72d1ac9fa97d0d5289655e7d74.exe
    "C:\Users\Admin\AppData\Local\Temp\5c093f72d1ac9fa97d0d5289655e7d74.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\SysWOW64\cfgload32.exe
      C:\Windows\system32\cfgload32.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\cfgload32.exe
    Filesize

    43KB

    MD5

    ea33fc3fa2fd612f5c669b994d9c332c

    SHA1

    4e1605866e3a438bfb111c9b40e03b7c52997bee

    SHA256

    375c88f540e7e22e32d0dd43db5c3a23439a94df5a6da6aa8848e602bab1de51

    SHA512

    78f270637eb5da42dd1ec6013f6b85248aeae24f2829515049f34647d9aa37cd5cd7ad93d9632d65cf6bd652a40b07a0ecce224e86a1481e7ea92bd8b8bf403e

    Download Submit

  • C:\Windows\SysWOW64\cfgload32.exe
    Filesize

    46KB

    MD5

    5c093f72d1ac9fa97d0d5289655e7d74

    SHA1

    9b8fd11233416fe520cda2be289775850bbf3cd1

    SHA256

    8aa82fd500e80cc53263f05b916ea7a4a0eb3ed5b54ce3ed98e02fff45d739f5

    SHA512

    a7940f1505eef9e345f0f2d6a0eb3b96adabbb3955a65de55e1e10166aceef676991fe56aafad18fa459d2b706ba234e6692384400dbed47c27b863a217009b9

    Download Submit

  • memory/2016-0-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2016-12-0x0000000000810000-0x0000000000852000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2016-10-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/2016-3-0x0000000000810000-0x0000000000852000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3068-13-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download

  • memory/3068-11-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

    Download