Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

76bc047ad4...6f.exe

windows7-x64

7

76bc047ad4...6f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/01/2024, 07:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76bc047ad4ba6c2667ed9dfbfe5e0e6f.exe

  • Size

    594KB

  • MD5

    76bc047ad4ba6c2667ed9dfbfe5e0e6f

  • SHA1

    9f8f33b8032b3f532282ab1ca6310f781f4a641e

  • SHA256

    92a51390713465d6370c27575ede39dda9097144081eb0daf916fdfeb7ca1049

  • SHA512

    fc349c32c975c3b8445fc138646969c90ac14348bed88338327b648fbc0faa9465f797fa27ab431aae63d97c99cc589376da17e50c2006cb007715e55ac022e4

  • SSDEEP

    12288:Frp/OYD6GzozbigFc6kF3Z4mxx+laSsuEXAVDZoSD:FrF36EozbRc9QmX+ltsuEWWg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76bc047ad4ba6c2667ed9dfbfe5e0e6f.exe
    "C:\Users\Admin\AppData\Local\Temp\76bc047ad4ba6c2667ed9dfbfe5e0e6f.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3704
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat
      2⤵
        PID:4260
    • C:\Windows\G_Server1.23.exe
      C:\Windows\G_Server1.23.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of FindShellTrayWindow
      PID:4672

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Delete.bat
      Filesize

      186B

      MD5

      70c348f61937ff9790caefb8125741b7

      SHA1

      c13705f440ec8a6bb1091adecabe138995cc6e54

      SHA256

      ae83e3828532d71f7feb068dd8f06f0b643894feea3ab7b3253020d5158cb919

      SHA512

      01817fde9cd95814238b77e8404a6004681990f2e13d2c7a199abb2b595c514577bb0b6961079a71f1c4702abe2e68b13aac7e001b71dafa475669f4d6b0a119

      Download Submit

    • C:\Windows\G_Server1.23.exe
      Filesize

      594KB

      MD5

      76bc047ad4ba6c2667ed9dfbfe5e0e6f

      SHA1

      9f8f33b8032b3f532282ab1ca6310f781f4a641e

      SHA256

      92a51390713465d6370c27575ede39dda9097144081eb0daf916fdfeb7ca1049

      SHA512

      fc349c32c975c3b8445fc138646969c90ac14348bed88338327b648fbc0faa9465f797fa27ab431aae63d97c99cc589376da17e50c2006cb007715e55ac022e4

      Download Submit

    • C:\Windows\G_Server1.23.exe
      Filesize

      591KB

      MD5

      bb6d1d9129b582bd695d3ae0f5808c1d

      SHA1

      3ba5f08da076619ee31bbacd9c01ff9c4a960330

      SHA256

      3b6fbe95268d664646d3a73b1b56bd05261cc298a8301867e64237c2aa403674

      SHA512

      8d32a0567f7a1e9323d332ab1067e2d5b4a6acfac0c44758136a8acb8202065f6ec91978aa71ad036eb6cc288d24a40907187b4b7bfb802708b6505116b659ca

      Download Submit

    • memory/3704-0-0x0000000000400000-0x0000000000505000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3704-1-0x00000000022E0000-0x0000000002334000-memory.dmp

      Filesize

      336KB

      Download

    • memory/3704-2-0x0000000002550000-0x0000000002551000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-3-0x0000000002530000-0x0000000002531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-5-0x0000000002510000-0x0000000002511000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-4-0x0000000002580000-0x0000000002581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-7-0x0000000002570000-0x0000000002571000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-8-0x0000000002560000-0x0000000002561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-6-0x0000000002500000-0x0000000002501000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-9-0x0000000002590000-0x0000000002591000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-10-0x0000000002520000-0x0000000002521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-11-0x0000000003500000-0x0000000003501000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-13-0x00000000035F0000-0x00000000035F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-12-0x00000000034F0000-0x00000000034F4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/3704-17-0x00000000022D0000-0x00000000022D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-18-0x0000000003530000-0x0000000003531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-21-0x0000000002710000-0x0000000002711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-20-0x0000000003510000-0x0000000003511000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-19-0x0000000003520000-0x0000000003521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-16-0x00000000022C0000-0x00000000022C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3704-30-0x0000000000400000-0x0000000000505000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3704-33-0x00000000022E0000-0x0000000002334000-memory.dmp

      Filesize

      336KB

      Download

    • memory/4672-32-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-43-0x0000000002070000-0x0000000002071000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4672-29-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-31-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-25-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-24-0x0000000000400000-0x0000000000505000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4672-34-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-35-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-39-0x0000000001F60000-0x0000000002060000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4672-40-0x0000000001F60000-0x0000000002060000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4672-41-0x0000000001F60000-0x0000000002060000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4672-46-0x0000000002080000-0x0000000002081000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4672-48-0x0000000001090000-0x0000000001091000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4672-49-0x00000000020F0000-0x00000000020F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4672-47-0x00000000009E0000-0x0000000000A34000-memory.dmp

      Filesize

      336KB

      Download

    • memory/4672-45-0x0000000002090000-0x0000000002091000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4672-44-0x00000000020A0000-0x00000000020A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4672-27-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-42-0x0000000001F60000-0x0000000002060000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4672-38-0x0000000001F60000-0x0000000002060000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4672-37-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-36-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-51-0x0000000000400000-0x0000000000505000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4672-52-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-53-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-55-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-56-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-57-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-58-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-59-0x0000000001F60000-0x0000000002060000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4672-61-0x0000000001F60000-0x0000000002060000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4672-60-0x0000000001F60000-0x0000000002060000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4672-62-0x0000000001F60000-0x0000000002060000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4672-65-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-64-0x0000000001F20000-0x0000000001F60000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4672-63-0x0000000001F60000-0x0000000002060000-memory.dmp

      Filesize

      1024KB

      Download