Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

86e47a3626...4f.exe

windows7-x64

7

86e47a3626...4f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2024, 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86e47a3626efbea7ad634f44c527db4f.exe

  • Size

    18.1MB

  • MD5

    86e47a3626efbea7ad634f44c527db4f

  • SHA1

    35dd64434e9c3b52364d36fdc07518dbeb6579f7

  • SHA256

    8f7bc45cad1174cdaf1a7b52fa15b38c243043e5dc996929a6cb158cec9ee523

  • SHA512

    58ed27962461943d7afd9edf242c21bad10fe5f0377db9cb40031d9cac3935129fa33fd6a1b11d397a832e8b53b8bf444b2062c24de312f36c15b016f6186176

  • SSDEEP

    393216:v+Ea8A84puEkJ05lekUW3VP0m+DoOft5eYE2/a+8aLzov3qv0iq6JmYpleUB:v+ENtHJyDUWJuj1ffM3s0iqwmYp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86e47a3626efbea7ad634f44c527db4f.exe
    "C:\Users\Admin\AppData\Local\Temp\86e47a3626efbea7ad634f44c527db4f.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    PID:2376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wFcG00yYBB\tools\bootmhr
    Filesize

    388KB

    MD5

    9d48760c0f911ce98c046329378117e9

    SHA1

    0e3fbb49e35c7fe19cc045e23af0044f265595ca

    SHA256

    1f6b804b50a74cf0c511c7b90f4392ba038b1b4d521935d3bbdedbd6581276bb

    SHA512

    40e614b3de1f20aff8f2fbdde20b93a5d7f0931123ba678a7e3478d36e18b1f3939da8444296c43f26bcc606a8142a7cfd32d2627a78a50a8a102feb6594f2fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wFcG00yYBB\zjz3312.tmp
    Filesize

    127KB

    MD5

    da008e2544b6bcae5fb320972e4709b3

    SHA1

    70ac5aaaaba1c7357ed9d0f5078f19a5e928bf19

    SHA256

    5535edd1a021d2708b2cd6dc6d1809879dfc171a38928448244714b376ee3a4d

    SHA512

    8da7cd227319e668507ed580848271121f30af839997935d82739c6118a996e5cb184a9d70019dec29f103fdb740fb7ef01b901e03a8bb787c5622d7bb7e73f0

    Download Submit

  • F:\ZJZL\86e47a3626efbea7ad634f44c527db4f.exe
    Filesize

    4.4MB

    MD5

    b8a41a693fb642da5bbbd5ea329227d9

    SHA1

    29fdf312a46a30a00beb69067705c087fcbb216e

    SHA256

    5df99cec2e15fa413d78a9022c5b0d6cac1521171afb2343f506cc9f2e6d6613

    SHA512

    6b63036b1bdd82a015769d1cd6eb4bc6978dbcfc81ed268e895870ca3a1b5d592af745456e08645dd7a4a13e82645997e39b9212484fc8df99b686b185419427

    Download Submit

  • F:\ZJZL\softinfo.ini
    Filesize

    144B

    MD5

    ed238c3c8489ce4f4209278eeb545e39

    SHA1

    e04c47b75e2f7fbcd11379402393ccee07fa0e38

    SHA256

    e509a6e9ff7aa2a5bb0997425f33ba82c236bbb2742b54228d26452cbc9bacce

    SHA512

    ead5fb544f83d450b9731ca5518206bad4b8c6893739bc999c0e9d9a5531f2e55be98b8589a04323dfefad3c793c06290e381b5c69e1a7c2acf86ecb80c8037b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\wFcG00yYBB\7z.dll
    Filesize

    112KB

    MD5

    b848182e3dc75301bdd0881f326a978f

    SHA1

    14b8fb2b1fea9cad83a3ba1a89a775cc248910ed

    SHA256

    0545d3b343993f213a622508be65af0e8e9c7b599f965f009ba7a4168e22b00d

    SHA512

    8656c1e133325e65b56bdd309042f9acaa3aae3af99cc2b90d8fb21b80a02504cdc877f1aac3ec97619b6e0e41d56e58be0e9c94df88e208c68e4a800cac1a05

    Download Submit