Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

66880a2497...e1.exe

windows7-x64

7

66880a2497...e1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 01:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66880a24978f13e420776c063053a1e1.exe

  • Size

    356KB

  • MD5

    66880a24978f13e420776c063053a1e1

  • SHA1

    71f3e168a521ba92ae19357509fd18864106fc8d

  • SHA256

    1bb9588fd26b7e497492acd74dc8fe42fc58059e8c42d4e463e4152d80d2719b

  • SHA512

    eba0d9f3c01a78fca542354ef610567e956f1854280f683b93c639032d0129f16614feff92db57fdca626ff332c0dcc9cc115a416ec229d38ede0dd477d17718

  • SSDEEP

    6144:7vbx8nj6JlwPJ+Op9IpF/IUj7H1cAI1Pcq/7FSRUQHE:7uj6JlwB+OQhICL1cA+Pdz9

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 3 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66880a24978f13e420776c063053a1e1.exe
    "C:\Users\Admin\AppData\Local\Temp\66880a24978f13e420776c063053a1e1.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1188
    • C:\Users\Admin\AppData\Local\Temp\66880a24978f13e420776c063053a1e1.exe
      "C:\Users\Admin\AppData\Local\Temp\66880a24978f13e420776c063053a1e1.exe"
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\ProgramData\WK9m2PYDw\2gj4KKjpO7pNf0GL.exe
        "C:\ProgramData\WK9m2PYDw\2gj4KKjpO7pNf0GL.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:1844
        • C:\ProgramData\WK9m2PYDw\2gj4KKjpO7pNf0GL.exe
          "C:\ProgramData\WK9m2PYDw\2gj4KKjpO7pNf0GL.exe"
          4⤵
          • Deletes itself
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:2940
          • C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe
            "C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe" /i:2940
            5⤵
              PID:2732

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\WK9m2PYDw\2gj4KKjpO7pNf0GL.exe
      Filesize

      15KB

      MD5

      6266bf27c22b70e2d21cafe377601b05

      SHA1

      97b97c0d5d6878d7dec249934acd77c2598f2a72

      SHA256

      55d7a68c98cb00a95eedaabbacc2504bdd97e1c2732ef8966bcfc1c6cdec6adf

      SHA512

      746807b550a76e9471e48334569d49d1eb4705453ef9cf21f096df9dfdd2182137f172a7d0c5f38d9932c64c4c20c026533c01d134bc12207fd6bbd34341d4c2

      Download Submit

    • C:\ProgramData\WK9m2PYDw\2gj4KKjpO7pNf0GL.exe
      Filesize

      239KB

      MD5

      26882f5c40ba24922aaec7d205148b08

      SHA1

      d4de6af07e665fd3b3ac4ebdf42abe238720f63b

      SHA256

      9c081a7e772fdb37c606899d1bbeaf85cd83a6dcd3ce253de87736f5b96ae2a5

      SHA512

      91ad396bb15cae1c34ca7834534408a444a95f9266a459302c7e9b85d6009b4842761131870a0a0513fe26ad4c09f11d1bbb41cc5f66193f21711bbf09c68776

      Download Submit

    • \ProgramData\WK9m2PYDw\2gj4KKjpO7pNf0GL.exe
      Filesize

      356KB

      MD5

      66880a24978f13e420776c063053a1e1

      SHA1

      71f3e168a521ba92ae19357509fd18864106fc8d

      SHA256

      1bb9588fd26b7e497492acd74dc8fe42fc58059e8c42d4e463e4152d80d2719b

      SHA512

      eba0d9f3c01a78fca542354ef610567e956f1854280f683b93c639032d0129f16614feff92db57fdca626ff332c0dcc9cc115a416ec229d38ede0dd477d17718

      Download Submit

    • \Users\Admin\AppData\Local\Temp\ZZWxZ6LKnlX.exe
      Filesize

      67KB

      MD5

      8802e9346791d0d181e107b88109276f

      SHA1

      293b7e748cd2542fa806624e61fe2f62cadfa8ad

      SHA256

      85cf74d0758c55c3b6eaba3b2d60eecade4227beceb661e435ef1e0b24f67fce

      SHA512

      3a9782709fb535622e8bb271bad6642dc0ce736dba89a4fae5cdbb0b3c813f75080aa18b913b98644447cfd2860f493871d2f6a0368e3c8d963a76a3059f4415

      Download Submit

    • memory/1188-9-0x0000000077740000-0x0000000077850000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1188-0-0x0000000077740000-0x0000000077850000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1188-6-0x0000000000400000-0x0000000000464000-memory.dmp

      Filesize

      400KB

      Download

    • memory/1844-40-0x0000000077740000-0x0000000077850000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1844-37-0x0000000000400000-0x0000000000464000-memory.dmp

      Filesize

      400KB

      Download

    • memory/1844-31-0x0000000077740000-0x0000000077850000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2524-8-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2524-25-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2524-3-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2524-10-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2524-7-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2524-5-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2524-1-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2732-47-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2732-52-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2732-55-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2940-42-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2940-53-0x0000000000400000-0x000000000045E000-memory.dmp

      Filesize

      376KB

      Download