Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

76212907c5...cd.exe

windows7-x64

10

76212907c5...cd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/01/2024, 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76212907c56daa43aea1925a484653cd.exe

  • Size

    304KB

  • MD5

    76212907c56daa43aea1925a484653cd

  • SHA1

    e778bea033b55157f8a130c63837fd51c2cda2d5

  • SHA256

    966b38ed11edf30d6104080cf540c004a85db0dd369a60129b323f4f6f186ffb

  • SHA512

    4f804d391cefb5d30640e854c43c5d98e2a9b72bb2c17a29582dca4f510ba9eba74d8b4c6e986b85d535e747940324e0909d9eb5ce7f9c3bac1011f6373a6e64

  • SSDEEP

    3072:OPGOaEaAaTG0kZSmA2iGPxqc+ttMop2aEaLFra+7pvPSvBkX:j4AJOatylaRSG

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76212907c56daa43aea1925a484653cd.exe
    "C:\Users\Admin\AppData\Local\Temp\76212907c56daa43aea1925a484653cd.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\seoaz.exe
      "C:\Users\Admin\seoaz.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\seoaz.exe
    Filesize

    304KB

    MD5

    22641e6751ea4aa76b72972bb382bfba

    SHA1

    d198be17fcacb29739569dbcf4af726768075bf9

    SHA256

    ccad32ccab6b494d5dd77109c7f79343d76620d00d7d139ff805beb6d6c19fb4

    SHA512

    b77fea08cc5c1916ea47e74f5b7a2d5731ee5193ca86d614743113e97c69fc7de7cb6cd1bb27c74c5c7a488fd334e863bce7d037ef145a9e8994a00396a3b3db

    Download Submit

  • memory/1600-15-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2148-0-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2148-13-0x00000000035F0000-0x0000000003656000-memory.dmp

    Filesize

    408KB

    Download