Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

63c19c7455...35.exe

windows7-x64

10

63c19c7455...35.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    17/01/2024, 22:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63c19c7455a53a22cf54e1702b6a8135.exe

  • Size

    225KB

  • MD5

    63c19c7455a53a22cf54e1702b6a8135

  • SHA1

    5168f14e587c20594d18025dd963034b13b44d6b

  • SHA256

    6547ddbba9b3755b5148ef1f3be2b79bb9f343ae7fc7a32ddc12cd4e23264472

  • SHA512

    9935789a8580a24b2f34b6437cb93363500d9ff27caa2b8d739c754d669a09f7458dc08e44432cdebe6a878ef25b37013eb395a4e70f9e22f1bfaf4d22035333

  • SSDEEP

    6144:jifllYvyncBMd5LiyJppD7KOCMcjHKoAZ:akvtQt6/

Score
10/10
evasionpersistenceupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 14 IoCs
    persistence
  • Drops autorun.inf file 1 TTPs 11 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\63c19c7455a53a22cf54e1702b6a8135.exe
    "C:\Users\Admin\AppData\Local\Temp\63c19c7455a53a22cf54e1702b6a8135.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    PID:2984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Autorun.inf
    Filesize

    36B

    MD5

    8fd0c671d0aa134b94a65a96699ad296

    SHA1

    1bcf25ab543d466a5b5300a0405a59dfdf41f060

    SHA256

    45367c0ba6a52283a0d20833245fedc8ec3877724d57efa2aaf6628f5ebf07e2

    SHA512

    35502dc1da45fa9c9819ac4b9902d14e844f547afe0328698a467a9a47079d11c2a4fc6f9c523509bcb0114d6744e625267435805d4943cbc43932a288605c90

    Download Submit

  • C:\svhost.exe
    Filesize

    225KB

    MD5

    63c19c7455a53a22cf54e1702b6a8135

    SHA1

    5168f14e587c20594d18025dd963034b13b44d6b

    SHA256

    6547ddbba9b3755b5148ef1f3be2b79bb9f343ae7fc7a32ddc12cd4e23264472

    SHA512

    9935789a8580a24b2f34b6437cb93363500d9ff27caa2b8d739c754d669a09f7458dc08e44432cdebe6a878ef25b37013eb395a4e70f9e22f1bfaf4d22035333

    Download Submit

  • memory/2984-433-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-523-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-126-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-226-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-248-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2984-333-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-0-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2984-615-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-702-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-827-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-919-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-1013-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-1203-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-1295-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2984-1371-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download