Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

863fb63c46...d3.exe

windows7-x64

6

863fb63c46...d3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2024, 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    863fb63c46c2124e5f6a67fdd09badd3.exe

  • Size

    187KB

  • MD5

    863fb63c46c2124e5f6a67fdd09badd3

  • SHA1

    16f9a7187e1afeef09136d7902b69972c80f8ea0

  • SHA256

    f9215430ff0a9e3a5a6d082e8952c12c70d15b2478ce58153e60d4d977adb1ef

  • SHA512

    e67339186ed34b7e04ea7bde6412fee29d122c6beb81aa9ce79bb582f39020c9f55b7a65e275c1da17dbd0fbc579d5360a60f075ec5ff252b5972579a027ce23

  • SSDEEP

    3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8yX:o68i3odBiTl2+TCU/UX

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\863fb63c46c2124e5f6a67fdd09badd3.exe
    "C:\Users\Admin\AppData\Local\Temp\863fb63c46c2124e5f6a67fdd09badd3.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\bugMAKER.bat
      2⤵
        PID:2872

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\bugMAKER.bat
      Filesize

      76B

      MD5

      f2a8fb510fd01b913f53d72c8f9b5ace

      SHA1

      9753f1b74c28d1fcab670242050363aeb923bc8a

      SHA256

      7e40973f5ac78484bf7932da37811a1ed8197fa4d81bcd6e2830bbbb304954a5

      SHA512

      ba72db94d6f2cc44929ddf2a1d26836f102b24fc9f8480d28c7a73e6243ee562c1f12fea9e403243dea50a13ebb16dcf09da813d8fadf17099aca897fac6f51c

      Download Submit

    • memory/2872-62-0x0000000002360000-0x0000000002361000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2908-67-0x0000000000400000-0x000000000042D000-memory.dmp

      Filesize

      180KB

      Download