Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7345e92b8c...69.exe

windows7-x64

3

7345e92b8c...69.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2024, 00:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7345e92b8c434600003f1440d40b5569.exe

  • Size

    71KB

  • MD5

    7345e92b8c434600003f1440d40b5569

  • SHA1

    f7ea424eab6519bf070d79e4286d526171d4e50c

  • SHA256

    ad45617ba5cad264fba8428616d3a7ea425828119b9b65586c5755e95eb5bb78

  • SHA512

    4af953262d4f5b4b91cae27aa6d30af1fd4452c48c5daa86ef2192184176868834a2a096c5609d4d6e4816bbead619b6d079a6af32587f96c22e5fb53214432d

  • SSDEEP

    1536:aGW7+MJFBwiJDALEnfUXsIOKPSkN68gzUGGT6SVKPnRBuT0KcAyjN:aGc+MJFOZmMX2ijVgzUGGTh+RB+0vN

Score
7/10
persistenceupx

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:612
    • C:\Users\Admin\AppData\Local\Temp\7345e92b8c434600003f1440d40b5569.exe
      "C:\Users\Admin\AppData\Local\Temp\7345e92b8c434600003f1440d40b5569.exe"
      1⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4996
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\Windows\system32\vtUkhgfD.dll,a
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        PID:2520
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\removalfile.bat "C:\Users\Admin\AppData\Local\Temp\7345e92b8c434600003f1440d40b5569.exe"
        2⤵
          PID:2408

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\removalfile.bat
        Filesize

        43B

        MD5

        9a7ef09167a6f4433681b94351509043

        SHA1

        259b1375ed8e84943ca1d42646bb416325c89e12

        SHA256

        d5739a0510d89da572eb0b0d394d4fb4dd361cd9ee0144b9b31c590df93c3be7

        SHA512

        96b84cd88a0e4b7c1122af3ed6ce5edf0a9a4e9bf79575eadfac16b2c46f1278d57755d29f21d7c6dcb4403be24b7ac7da4837c6cc9c602342a8f2b8e54883df

        Download Submit

      • C:\Windows\SysWOW64\awtustsp.dll
        Filesize

        43KB

        MD5

        02a2b1e9f7551ee28b40224ddb628086

        SHA1

        2869a7dcfed1c4a0b35e4c9a3aa8136933674068

        SHA256

        04781942f4f8e6db2f714bea9c89eace7e86653f8ac29908a95d13bccdd0099f

        SHA512

        74b182e2850db9b22d018eb9ff3352b8bb3c1996781e7338e26ce71ee7a5fd6a981fbca63a607520977e65e12cda6fef5f6a3187016af44bfb0a700cd25104e3

        Download Submit

      • memory/2520-36-0x0000000010000000-0x0000000010014000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2520-35-0x0000000010000000-0x0000000010014000-memory.dmp

        Filesize

        80KB

        Download

      • memory/2520-34-0x0000000010000000-0x0000000010014000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4996-11-0x0000000010000000-0x0000000010014000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4996-0-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/4996-12-0x0000000010000000-0x0000000010014000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4996-13-0x0000000002BB0000-0x0000000002BB9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/4996-15-0x0000000010000000-0x0000000010014000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4996-23-0x00000000005B0000-0x00000000005C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4996-4-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/4996-3-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/4996-2-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/4996-1-0x00000000005B0000-0x00000000005C0000-memory.dmp

        Filesize

        64KB

        Download