Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

862d555f7f...2e.exe

windows7-x64

7

862d555f7f...2e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 06:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    862d555f7f10302008d6fe78ab8b022e.exe

  • Size

    749KB

  • MD5

    862d555f7f10302008d6fe78ab8b022e

  • SHA1

    35b1f1b301053e9eb0e0addc530c1893898ea352

  • SHA256

    681578d4fa37a378d08c805f74acaaab9c0f72c097888f5579554d3e4fdbf812

  • SHA512

    fd8e5ae385b89ab79e036447f3d78f7ae6df41adb746d6b7d9cb8d0a82698d698573f3326de067a8b8042ad7bb39cf45c3b3abb8677fcbc969768c8541d63eef

  • SSDEEP

    12288:ljXipx70Np/Z9xwy/bAHmdtYpkzz84cNZcu0uAimaLV+qvTOHsGiE:tX1/PWy/bAHmdWpCYNGu0emaZXqHsGi

Score
7/10
persistenceupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 38 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\862d555f7f10302008d6fe78ab8b022e.exe
    "C:\Users\Admin\AppData\Local\Temp\862d555f7f10302008d6fe78ab8b022e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 220
      2⤵
      • Program crash
      PID:2968
    • C:\ProgramData\srtserv\862d555f7f10302008d6fe78ab8b022e.exe
      C:\ProgramData\srtserv\862d555f7f10302008d6fe78ab8b022e.exe -wait
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1104
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 220
        3⤵
        • Program crash
        PID:4572
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe C:\Users\Admin\AppData\Local\Temp\862d555f7f10302008d6fe78ab8b022e
      2⤵
        PID:408
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4644 -ip 4644
      1⤵
        PID:3024
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:1340
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:4712
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1104 -ip 1104
          1⤵
            PID:116

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\ProgramData\srtserv\862d555f7f10302008d6fe78ab8b022e.exe
            Filesize

            128KB

            MD5

            e0669670a3e3e517e8fc4eec21540bcb

            SHA1

            9186ff25866546c71f7f072faaeb69326a701e76

            SHA256

            86d4934232276b3d213ac5e383c9bef75c424bcd1b2bfd6a16564786d6f98868

            SHA512

            f25ef0f47f89967c9d82e4eed0396be7e27acf515882851aeb1ba7d56ca6311957d9b63d59f527f1770fe1ef012be63f440bfa912d046cc480884f2bed5c99b1

            Download Submit

          • C:\ProgramData\srtserv\862d555f7f10302008d6fe78ab8b022e.exe
            Filesize

            70KB

            MD5

            2474523fa28d00c9bc0d3d8945fbe4c8

            SHA1

            48fa91de3591ecfa418cab859ad7d131840f2331

            SHA256

            7b200395ba21ae23b2d9c682250fc7837c58aa1856c7c2ddde950fb26b06c749

            SHA512

            b2510bf094fb424a3f0d551e8cf878b1bc47d61a43a39b459c0a6aa059461b0baf96406176a86d6b80bb165557070a0ee9cee2050b650a486f7d974439c2e2a8

            Download Submit

          • C:\ProgramData\srtserv\sdata.dll
            Filesize

            23KB

            MD5

            4a68bdeb219f697115c035d5f7000ee4

            SHA1

            9b3e7baaceb706b5d4f3c682806a7e27603b32f2

            SHA256

            c505c9c35bc24243aabea8e349145c9dbff2da2ca6567fe2f750d887cc3cc27d

            SHA512

            b9305d262d08171df9b7c8f937c328953ce84b621cdf37ffc74b27d84f1bf364460dc6d4da40dbb94317980699fca8b7b8a9a58a409db74baba81546b0253a34

            Download Submit

          • memory/1104-8-0x0000000000400000-0x00000000004C3000-memory.dmp

            Filesize

            780KB

            Download

          • memory/1104-11-0x0000000000790000-0x0000000000791000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1104-10-0x0000000000400000-0x00000000004C3000-memory.dmp

            Filesize

            780KB

            Download

          • memory/1104-18-0x0000000000830000-0x0000000000841000-memory.dmp

            Filesize

            68KB

            Download

          • memory/1104-19-0x0000000000400000-0x00000000004C3000-memory.dmp

            Filesize

            780KB

            Download

          • memory/1104-23-0x0000000000790000-0x0000000000791000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4644-0-0x0000000000400000-0x00000000004C3000-memory.dmp

            Filesize

            780KB

            Download

          • memory/4644-9-0x0000000000400000-0x00000000004C3000-memory.dmp

            Filesize

            780KB

            Download

          • memory/4644-1-0x0000000000400000-0x00000000004C3000-memory.dmp

            Filesize

            780KB

            Download

          • memory/4644-2-0x0000000000670000-0x0000000000671000-memory.dmp

            Filesize

            4KB

            Download