Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

6fb51927c8...a5.exe

windows7-x64

7

6fb51927c8...a5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22/01/2024, 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6fb51927c83cbc82696030ce4c3222a5.exe

  • Size

    74KB

  • MD5

    6fb51927c83cbc82696030ce4c3222a5

  • SHA1

    89845bf72a542836158afff4986e84d9fbea26a9

  • SHA256

    dfb1c10ae39b8b81badba43646d271868c4c39d1d1e59c8b17847428f650cff3

  • SHA512

    595de0519ee4876925438b38e7b2f172df3abd0bd5da58b1832c1f73dfafec4f8183d5fd721ad8ead93af50ffc986d45bcb0f26af7429a01fe016b2319dce5bb

  • SSDEEP

    1536:SCmN+K8/Qe1fThSC7Tf3FJ+76m4o9F2j4wEpkkCe+aF:SCY+N/QedhSC7r3X66m9EGkA

Score
7/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fb51927c83cbc82696030ce4c3222a5.exe
    "C:\Users\Admin\AppData\Local\Temp\6fb51927c83cbc82696030ce4c3222a5.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Users\Admin\AppData\Roaming\netprotocol.exe
      C:\Users\Admin\AppData\Roaming\netprotocol.exe
      2⤵
      • Executes dropped EXE
      PID:1640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\netprotocol.exe
    Filesize

    74KB

    MD5

    d4d21da64f1044576c05cb1a567b7772

    SHA1

    c6eb7479c7aac8502fc25b8e1c5d7d159bd5049e

    SHA256

    88b1cdffcf4673028dcefa10c09619bf35db57e1f0e3e90eadc2bbfa8a4c1ec1

    SHA512

    bdd1ac16d4c54e079c188437e5d1aa2cb4189f9da40cde6fa344410dbd2d0ce7a35c993703e94fd36c4b6a0b897b58c056f118613a173377729168611d600444

    Download Submit

  • memory/1268-0-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1268-1-0x00000000003A0000-0x00000000003A3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1268-3-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1268-10-0x0000000000440000-0x0000000000471000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1268-14-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1640-12-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1640-13-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download

  • memory/1640-15-0x0000000000400000-0x0000000000431000-memory.dmp

    Filesize

    196KB

    Download