Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7324f00bd7...15.exe

windows7-x64

7

7324f00bd7...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2024, 23:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7324f00bd75b6feb0fae0783c2fb6c15.exe

  • Size

    691KB

  • MD5

    7324f00bd75b6feb0fae0783c2fb6c15

  • SHA1

    f68d0b69134fe33c2131706338ff7135a5197519

  • SHA256

    6adeb5f78a223c558b233b3474f4c65a993f61895f2a2b176b1a38c76d6a8522

  • SHA512

    8f2817a0a18ca37a08b6fdfb5c24501f420daddf848f77eaccae1bf50a292171491beb9efc7104d02885fc0bddec1c6e85887f8426dadce80ac068737ab9bdba

  • SSDEEP

    12288:UTHxGNKvvQtEXh4FarF7Uz0bBMOzr9zF3Z4mxxUDqVTVOC7:UTHxGNKIZF+F4zciO1zQmXDVTz7

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7324f00bd75b6feb0fae0783c2fb6c15.exe
    "C:\Users\Admin\AppData\Local\Temp\7324f00bd75b6feb0fae0783c2fb6c15.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2084
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Windows\uninstal.bat
        3⤵
          PID:2836
    • C:\Windows\win32.ini
      C:\Windows\win32.ini
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:2732

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
        Filesize

        615KB

        MD5

        44c77ebc9232bb9b2998076b730b6383

        SHA1

        0e04fcfa7ed04e5e9ec6753155186640e252349a

        SHA256

        f7478a3e0e64fb5322c5f400901a9a197d54c063fb5c6a20484b9411f585b7f7

        SHA512

        2bea23d2a8406e2026519c1afb78f52864edc21436e6f3e389195d0f52775f9d5e884baf9866c68d0306fd53de61f6eff934dcabf0484b1caa0e9bf7760c2583

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
        Filesize

        465KB

        MD5

        b88024e47dbc89652cb254f737ccbf77

        SHA1

        2093aaf14d9a6ff4a20b47bac83998a16aef3a6b

        SHA256

        656bd1d6a4b5b6e63e111a8fad539adceae738aa895273068de1cc4ba4bdbfb4

        SHA512

        1872bce2f2646ec8756779263c9c491cc29fdc0a97b25785d035884a459d13fe6ad461238b7b3e8f34a23d4498825d6abcc04b86cf606dc673756ab452888c91

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
        Filesize

        263KB

        MD5

        1a4051ffe9b4e2cf2d8817ae2e801ef9

        SHA1

        ac703d58e81ae3b2b4fc3b2660dd8a4b5ab007ad

        SHA256

        5127ce0da2d85a028a16b19d1d5b11ab44d49dd8a53993e005449fddde28a031

        SHA512

        28024dff989c8f6995f9c782526c009e144a71506021a92b1949964eb5adbf6299b425ab466a2cedb55e0df09c2488e0d278df3283cf2b6e0675d7f1bce652e1

        Download Submit

      • C:\Windows\uninstal.bat
        Filesize

        150B

        MD5

        72f9d376b476a7a6936991161cfeb888

        SHA1

        ea53941d2d65213eed7aac7f29f897ecdb34344f

        SHA256

        061cf610c4430e21066e13c91c49e6885cdcb24501095f1f8839e82d3a1d6a02

        SHA512

        543f9178e376d60544d75981c259bbb4ab603411febb991507c25ddb904bf6e934d05173de5632823d53aaee13ee6f8a623179b26d8a6d134104d47e9dbaeaf5

        Download Submit

      • C:\Windows\win32.ini
        Filesize

        798KB

        MD5

        548cae355cbc569066fa168ce14252ed

        SHA1

        3c9a20dcbfccb8d1ec74dd82bb869c9e43ab9c6e

        SHA256

        9b67a8aefd0df28dc645d75036a9cee451e7285cd8816abcf0e98afb733470bc

        SHA512

        4f51a1d9c9b12ec137025560796d0095d1a78798adc1b0bbbabc487c24891d795ded11aeb2fb2c8485217bc48ac77e1ce8c9e872ade87745962fcda337a6d611

        Download Submit

      • \Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
        Filesize

        594KB

        MD5

        60ac8cc74db8d5edfbeb0b9911de9ea7

        SHA1

        f836fe1ed105fa7c9821bfc0e17f37633f2f05fc

        SHA256

        2333ae24313af3c615c7e94677e285e8ba941ab6d79fd3c6c9815a95a5be9a74

        SHA512

        9c40f412b76986f12a090b2952d6363f01f435e2ea7f1ec67720d6b748692b02ab888674f281f5884c10e862611d111b531f54fa5ebcea6ecb9e8a1b27a32516

        Download Submit

      • \Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
        Filesize

        635KB

        MD5

        3c42632d7bfdb8d910ad143084154cff

        SHA1

        e1fc4dba93049defaf6e3a8e68baaea770354670

        SHA256

        74f585263e1d241ea8006e1c43fcbe34df61fb63fa52ca0098bfca3d093e4645

        SHA512

        8a47af4639c051d7cdfc6480b6f2efb21ca6ba0cc7a3d09a5d890c157313ba608cc667bb718c52f0dd9df9e2cf8de87dadbd7bb6e491cc60f0587324f8b65d90

        Download Submit

      • memory/2084-20-0x00000000003C0000-0x00000000003C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2084-34-0x0000000000400000-0x00000000004D1000-memory.dmp

        Filesize

        836KB

        Download

      • memory/2188-6-0x00000000004C0000-0x00000000004C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2188-1-0x00000000001C0000-0x0000000000214000-memory.dmp

        Filesize

        336KB

        Download

      • memory/2188-8-0x00000000004F0000-0x00000000004F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2188-0-0x0000000001000000-0x0000000001113000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2188-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2188-4-0x0000000000460000-0x0000000000461000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2188-9-0x0000000000470000-0x0000000000471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2188-3-0x00000000004D0000-0x00000000004D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2188-2-0x0000000000480000-0x0000000000481000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2188-10-0x00000000004A0000-0x00000000004A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2188-35-0x0000000001000000-0x0000000001113000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2188-7-0x00000000004B0000-0x00000000004B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2188-36-0x00000000001C0000-0x0000000000214000-memory.dmp

        Filesize

        336KB

        Download

      • memory/2992-27-0x00000000003C0000-0x00000000003C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2992-38-0x0000000000400000-0x00000000004D1000-memory.dmp

        Filesize

        836KB

        Download

      • memory/2992-40-0x00000000003C0000-0x00000000003C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2992-43-0x0000000000400000-0x00000000004D1000-memory.dmp

        Filesize

        836KB

        Download