Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7529815744...15.exe

windows7-x64

6

7529815744...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/01/2024, 18:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7529815744bf63c794a0b4615fd85a15.exe

  • Size

    220KB

  • MD5

    7529815744bf63c794a0b4615fd85a15

  • SHA1

    eb19d2925180d4cb73755160a5f42b34d0414472

  • SHA256

    da0466e2b11673085988f5759e21a235379f71b958c804dd3953043dc3725e5b

  • SHA512

    2b241fee1e94134bee4c8c5ea5bc5665fb24297c512535eb442160f9c69df27c10263ac0aaf955db24a94dab3f7dd2bdf0dbca992283680af869e33daace91a9

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8VkgnYHfQlAL:o68i3odBiTl2+TCU//k8KfQlE

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7529815744bf63c794a0b4615fd85a15.exe
    "C:\Users\Admin\AppData\Local\Temp\7529815744bf63c794a0b4615fd85a15.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:324

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\bugMAKER.bat
      Filesize

      76B

      MD5

      0455239aa0d819dac53864954c154a6a

      SHA1

      9c89dd38f098d19a79e92f6af6eb61ba1466a3b4

      SHA256

      f7fc0f19cf84f03f38210d6878518b1a3c82b9954f68eb90500294a0d0575af9

      SHA512

      7e1a81f9e732ed8dcbd3650089a1e38fa50367c06cd90e523a7adf604b5367a4ce6f376573820e1113990a9b6104f44c2abd2afdb515bb5e2421b1c48bcb90c7

      Download Submit

    • memory/324-62-0x0000000000620000-0x0000000000621000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1384-67-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.