Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/01/2024, 06:52

General

  • Target
    7403f55d628688afbfd7e05cd5c27745.exe
  • Size
    108KB
  • MD5
    7403f55d628688afbfd7e05cd5c27745
  • SHA1
    db263c0be17efc4c7b53b9badb96df7cfeb4761c
  • SHA256
    cc30d0840f3109070e558d8c9fc113fc582e8ef91344c74e360ebbe1a62df319
  • SHA512
    212408a2293ee837da24bab9584adbe46c5d00a751143088a0d57c71b31e2c05fc26e0bbf7a8886d67dc2cfca1053689cd85e0c00b2df6c5e570d2e4423b6fa1
  • SSDEEP
    3072:ed1qCcXqjW4yRq4XrCoa/5c268NsQA+inB1qpfYU8:edaOjy8Smo1260Q+iB18fY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Windows directory 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7403f55d628688afbfd7e05cd5c27745.exe
    "C:\Users\Admin\AppData\Local\Temp\7403f55d628688afbfd7e05cd5c27745.exe"
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:2496

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\inf\Https.dll
    Filesize: 129KB
    MD5: 725b2bca81693a0f6c6fa53bbd70b43a
    SHA1: 94bc84e3aec060ad304a95c7ee9f711ac229c4f9
    SHA256: 70536818eed11a42358234c12b841fadc35b368df32f51766b0abc780a510e4e
    SHA512: 93d711f0aaa80a22e9ab38d03e1bac50b3f12260daefd5f76e4ce742590d7b18f0c71619137103001ffea95a0f97b7e9fe47f4969b80d56af4cbe05b765d66e5

  • C:\Windows\inf\Https.sys
    Filesize: 16KB
    MD5: 2de012f51bb1405de2a0252b9ee956d1
    SHA1: 82ce85a4353bad2a76c50f475de51bd4b5aeb226
    SHA256: 54cba28e4813b9e3ee154d68bb77b9b5c14aa0a74549cdbfbbabeeb86ccf17fb
    SHA512: c7fe6206ea3f3632a19f6c788c77d1d2bc304170b9ebabdc9d398f01e145a8af7ab17973afa3be0c390c2a2e3c3d61babbecbdba504a2b51502d5ff372e79a48

  • \Windows\IME\helps.txt
    Filesize: 40KB
    MD5: 84799328d87b3091a3bdd251e1ad31f9
    SHA1: 64dbbe8210049f4d762de22525a7fe4313bf99d0
    SHA256: f85521215924388830dbb13580688db70b46af4c7d82d549d09086438f8d237b
    SHA512: 0a9401c9c687f0edca01258c7920596408934caa21e5392dbaefc222c5c021255a40ec7c114a805cdb7f5a6153ec9fa9592edcc9e45406ce5612aa4e3da6a2c4

  • memory/2496-0-0x0000000000400000-0x0000000000448000-memory.dmp
    Filesize: 288KB

  • memory/2496-33-0x0000000000400000-0x0000000000448000-memory.dmp
    Filesize: 288KB