Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

791f0783cb...e5.exe

windows7-x64

10

791f0783cb...e5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/01/2024, 03:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    791f0783cb80857750f0b4517bea28e5.exe

  • Size

    264KB

  • MD5

    791f0783cb80857750f0b4517bea28e5

  • SHA1

    ea1dd76fc739408f5217508f7d33fc7eb8f44471

  • SHA256

    93a5d02ccd5a56c9d55ce74789b0e8164966386fa52ec6db261525e190bfeb92

  • SHA512

    ba97e100d3f403b352bd3af0f581a29a69bf799441723c679da58ff069628e2c66abad5c009c13c31e12bb06774e05258449efe2ebe3f567c1f42e25a6be3453

  • SSDEEP

    6144:qvXipyq9Ant8ppCZre+1HUNxFmIkIftoZqn/fIM27pHL7ejeT4EKdiK:qvXipyHt8pp4rL105P/27pHPeqe

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 50 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\791f0783cb80857750f0b4517bea28e5.exe
    "C:\Users\Admin\AppData\Local\Temp\791f0783cb80857750f0b4517bea28e5.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3416
    • C:\Users\Admin\nbxiox.exe
      "C:\Users\Admin\nbxiox.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2180

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\nbxiox.exe
    Filesize

    264KB

    MD5

    c68f88e40d3570ac8dac8fb10fced320

    SHA1

    99595b6d106bdba83385909531c3043f42dc8820

    SHA256

    bfa0fc198639e6c0ae1277d9885f9d7301a080f8eea5224274005079236b7cc2

    SHA512

    90977a53d49de7484d598711070d139f72546f5b87f45191a3adc065c618ee7a58948bedf7dabcab4ae7e5c6335521222b32dd040ff2de3c6a6fbdc6a48ad861

    Download Submit

  • memory/2180-34-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2180-38-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3416-0-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3416-37-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download