Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

67f24f2e80...21.exe

windows7-x64

7

67f24f2e80...21.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67f24f2e800017f7ea47e9a3a1d80c21.exe

  • Size

    242KB

  • MD5

    67f24f2e800017f7ea47e9a3a1d80c21

  • SHA1

    b2378ea5b5e39ee9e414a43d177fd7e80336f55c

  • SHA256

    0dec7ce332f469c29e665117cbd9eeb43f69aab8ad33c2c5f13eb9952579d711

  • SHA512

    fabc5c3a6980c13d2dee0b8df5a2e620822e4e7d53c45a7030f3c8114d59fd27c6aa7ff0f4cec994d0a7435514d7f013baa15eb5a1e832733ec749d311fed72c

  • SSDEEP

    6144:12r51dhuZVXsdVIRPiGdDrIR6B7nWwtGWfHCFor7O:QLnuHXmVIticDpB7WAGV

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67f24f2e800017f7ea47e9a3a1d80c21.exe
    "C:\Users\Admin\AppData\Local\Temp\67f24f2e800017f7ea47e9a3a1d80c21.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Local\Temp\67f24f2e800017f7ea47e9a3a1d80c21.exe
      C:\Users\Admin\AppData\Local\Temp\67f24f2e800017f7ea47e9a3a1d80c21.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2980
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\67f24f2e800017f7ea47e9a3a1d80c21.exe" /TN Google_Trk_Updater /F
        3⤵
        • Creates scheduled task(s)
        PID:2660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\67f24f2e800017f7ea47e9a3a1d80c21.exe
    Filesize

    242KB

    MD5

    8ff6825329be26da9ccd16ad03000d78

    SHA1

    888b71aad18e74a8104fee0c926cc63446d1455e

    SHA256

    4af0980cf3e6e95529f8e5c4d69fc9d1ddecde6ce2ef3609ddaeee9c32013990

    SHA512

    9487b30fc60961f068c4bc657bbea779ff03abaf20b2962b8195f7b53242b8e3780cbe625ddb2e2b815d50127285104f05b6b017b311df2ec62dcde832af46e4

    Download Submit

  • memory/2856-0-0x0000000000400000-0x00000000004B7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/2856-1-0x00000000002C0000-0x0000000000377000-memory.dmp

    Filesize

    732KB

    Download

  • memory/2856-2-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2856-17-0x0000000002E70000-0x0000000002F27000-memory.dmp

    Filesize

    732KB

    Download

  • memory/2856-14-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2980-19-0x0000000000400000-0x00000000004B7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/2980-29-0x00000000014C0000-0x0000000001527000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2980-24-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2980-21-0x0000000000240000-0x00000000002F7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/2980-16-0x0000000000400000-0x0000000000467000-memory.dmp

    Filesize

    412KB

    Download