Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

86e47a3626...4f.exe

windows7-x64

7

86e47a3626...4f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86e47a3626efbea7ad634f44c527db4f.exe

  • Size

    18.1MB

  • MD5

    86e47a3626efbea7ad634f44c527db4f

  • SHA1

    35dd64434e9c3b52364d36fdc07518dbeb6579f7

  • SHA256

    8f7bc45cad1174cdaf1a7b52fa15b38c243043e5dc996929a6cb158cec9ee523

  • SHA512

    58ed27962461943d7afd9edf242c21bad10fe5f0377db9cb40031d9cac3935129fa33fd6a1b11d397a832e8b53b8bf444b2062c24de312f36c15b016f6186176

  • SSDEEP

    393216:v+Ea8A84puEkJ05lekUW3VP0m+DoOft5eYE2/a+8aLzov3qv0iq6JmYpleUB:v+ENtHJyDUWJuj1ffM3s0iqwmYp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86e47a3626efbea7ad634f44c527db4f.exe
    "C:\Users\Admin\AppData\Local\Temp\86e47a3626efbea7ad634f44c527db4f.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    PID:4876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\50XEw4V60k\7z.dll
    Filesize

    170KB

    MD5

    31cad6a3edd1c32981ad6b565cbeac94

    SHA1

    9338978c85a9423ee2a38cba027f79192d684f1b

    SHA256

    b8521abda09ec17ddad36528c1bc50395dc8c5f7c11c026a5b3ff23110c54182

    SHA512

    02e198b8ef192de55db35ae00a16a80b3309a9373a596c20d617b43dd7159a635bc303f371859e704375521a1242d02754807e2e9dfef63ffd06993b24c17d3d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\50XEw4V60k\tools\bootmhr
    Filesize

    388KB

    MD5

    9d48760c0f911ce98c046329378117e9

    SHA1

    0e3fbb49e35c7fe19cc045e23af0044f265595ca

    SHA256

    1f6b804b50a74cf0c511c7b90f4392ba038b1b4d521935d3bbdedbd6581276bb

    SHA512

    40e614b3de1f20aff8f2fbdde20b93a5d7f0931123ba678a7e3478d36e18b1f3939da8444296c43f26bcc606a8142a7cfd32d2627a78a50a8a102feb6594f2fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\50XEw4V60k\zjz249A.tmp
    Filesize

    127KB

    MD5

    da008e2544b6bcae5fb320972e4709b3

    SHA1

    70ac5aaaaba1c7357ed9d0f5078f19a5e928bf19

    SHA256

    5535edd1a021d2708b2cd6dc6d1809879dfc171a38928448244714b376ee3a4d

    SHA512

    8da7cd227319e668507ed580848271121f30af839997935d82739c6118a996e5cb184a9d70019dec29f103fdb740fb7ef01b901e03a8bb787c5622d7bb7e73f0

    Download Submit

  • F:\ZJZL\86e47a3626efbea7ad634f44c527db4f.exe
    Filesize

    18.1MB

    MD5

    86e47a3626efbea7ad634f44c527db4f

    SHA1

    35dd64434e9c3b52364d36fdc07518dbeb6579f7

    SHA256

    8f7bc45cad1174cdaf1a7b52fa15b38c243043e5dc996929a6cb158cec9ee523

    SHA512

    58ed27962461943d7afd9edf242c21bad10fe5f0377db9cb40031d9cac3935129fa33fd6a1b11d397a832e8b53b8bf444b2062c24de312f36c15b016f6186176

    Download Submit

  • F:\ZJZL\softinfo.ini
    Filesize

    144B

    MD5

    ed238c3c8489ce4f4209278eeb545e39

    SHA1

    e04c47b75e2f7fbcd11379402393ccee07fa0e38

    SHA256

    e509a6e9ff7aa2a5bb0997425f33ba82c236bbb2742b54228d26452cbc9bacce

    SHA512

    ead5fb544f83d450b9731ca5518206bad4b8c6893739bc999c0e9d9a5531f2e55be98b8589a04323dfefad3c793c06290e381b5c69e1a7c2acf86ecb80c8037b

    Download Submit