Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

7bd58e6323...d4.exe

windows7-x64

7

7bd58e6323...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/01/2024, 01:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7bd58e6323b1a7986355da73147202d4.exe

  • Size

    47KB

  • MD5

    7bd58e6323b1a7986355da73147202d4

  • SHA1

    1a7544dc9aa69b5a8a4214246b522d5a0dac9d2e

  • SHA256

    e7ecf0f4b3d92addae48cf57675fefbf5c65264b7256513222a7029168f092ea

  • SHA512

    0fbe76e47981e83556716f595d7192d4bc47c41b5098f8f56fb33a2c4f1420242db11cbf9e259452b1e73c8f22168f722d05dc044d78d65ab7e2a72705877112

  • SSDEEP

    768:URGuY2P0Vo6r7SiAwyrMRjb4f9nbcuyD7U/zUYF8FE1j3kO:yPcVo6r7S/rabAnouy8/IYF8iiO

Score
7/10
upx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\7bd58e6323b1a7986355da73147202d4.exe
    "C:\Users\Admin\AppData\Local\Temp\7bd58e6323b1a7986355da73147202d4.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3804
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8211.tmp\start.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3960
      • C:\Windows\SysWOW64\attrib.exe
        attrib -h -r version.txt
        3⤵
        • Views/modifies file attributes
        PID:2288
      • C:\Windows\SysWOW64\regedit.exe
        regedit.exe /s sql.reg
        3⤵
        • Runs .reg file with regedit
        PID:4952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8211.tmp\start.bat
    Filesize

    148B

    MD5

    0398fe7d763956a9a81a9489e5f64eb9

    SHA1

    716d72e0fed6213aad3e0428949dc79538a51b55

    SHA256

    e69bde63130e086838fdd3049e212578552c2b54198aae5d6c467a85f7bdac83

    SHA512

    0ef5324d1f9d784235093c761a67c0c511c7b8de2019a76ac80281bfd4fca8869ffd5484c7626f7c87171849096ac5cb85deb83cf6ba52e3b2e1fe0c6216b395

    Download Submit

  • memory/3804-0-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/3804-5-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download