Analysis

  • max time kernel
    118s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/01/2024, 15:14

General

  • Target

    dotnet-runtime-6.0.12-win-x64 (1).exe

  • Size

    26.5MB

  • MD5

    b904aee532297d7bab64dcdc6dc56988

  • SHA1

    e9f7728237134666fd4cb0875465d1460e3d12b5

  • SHA256

    1f59de85b9172ce651f8e031e946534e02e58bc4dcb56e72430fe8572beb33ab

  • SHA512

    f8c6d7d379ec9ec8e39e6ca20c6015d7c2d049eecd06045818fe95e87b3e515adbdf445f83b79241248fa5a3f3093ce4bf6f7f67cb9f7e6c74e03523a70d9fd5

  • SSDEEP

    393216:LvFbxOLkfjwdSjSovAgb/kIHkKQC5MyItiK3+aFVLfoZbMlw3UJsvI/g1:LvFbxOQf0dSQgzQC52tXdi3UJs7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dotnet-runtime-6.0.12-win-x64 (1).exe (depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\dotnet-runtime-6.0.12-win-x64 (1).exe"
    PID: 2856
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • C:\Windows\Temp\{6723EC3A-9F94-4A9E-88C2-1E460CC03599}\.cr\dotnet-runtime-6.0.12-win-x64 (1).exe (depth 2, child of PID 2856)
      Command line: "C:\Windows\Temp\{6723EC3A-9F94-4A9E-88C2-1E460CC03599}\.cr\dotnet-runtime-6.0.12-win-x64 (1).exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\dotnet-runtime-6.0.12-win-x64 (1).exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
      PID: 1160
      • Executes dropped EXE
      • Loads dropped DLL

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Temp\{337C3D35-13A1-44CD-8E61-9138593ADC05}\.ba\bg.png

    Filesize

    4KB

    MD5

    9eb0320dfbf2bd541e6a55c01ddc9f20

    SHA1

    eb282a66d29594346531b1ff886d455e1dcd6d99

    SHA256

    9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

    SHA512

    9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

  • \Windows\Temp\{337C3D35-13A1-44CD-8E61-9138593ADC05}\.ba\wixstdba.dll

    Filesize

    197KB

    MD5

    4356ee50f0b1a878e270614780ddf095

    SHA1

    b5c0915f023b2e4ed3e122322abc40c4437909af

    SHA256

    41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

    SHA512

    b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

  • \Windows\Temp\{6723EC3A-9F94-4A9E-88C2-1E460CC03599}\.cr\dotnet-runtime-6.0.12-win-x64 (1).exe

    Filesize

    609KB

    MD5

    4e457c83e119923253386bdf662073e6

    SHA1

    756bc1ade8fed0d806a101df392fcbde03be05cd

    SHA256

    8f6a150851d0e59e15d9eee220b7877fdd8e3108e04c468b5633a79244019aef

    SHA512

    db0cbc9a92371ace2e46d6394cc7688114254a774963abd6d7ec8f4d861073056706d7fc09ee6c78208cf3f3b84b33f8fe3f21a3ff140f5a18de3c63ae8095c9