Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

8aca73a0d6...92.exe

windows7-x64

10

8aca73a0d6...92.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2024, 23:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8aca73a0d688b7c3b555dbb5799dba92.exe

  • Size

    16KB

  • MD5

    8aca73a0d688b7c3b555dbb5799dba92

  • SHA1

    565bafc4bf770d10c3bcfd1f5ed2b24194b35253

  • SHA256

    5d93b84bf2d6519a5b7ba45e27d9d014106f19102df7281fa58a0ee081f68724

  • SHA512

    06387990bc2583b9715a0e71d08feffe4db4f81cb984c7262005bce67ea4c0f91c556b533e875906550c6938b07d68c004b543063fe750da4c0b5951fef7fb57

  • SSDEEP

    384:gqmhgzhZvetCeBcfWiIrcDxn2RV+kBo6p:gqEeZvetNBcxDI3o6p

Score
10/10
persistenceupx

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8aca73a0d688b7c3b555dbb5799dba92.exe
    "C:\Users\Admin\AppData\Local\Temp\8aca73a0d688b7c3b555dbb5799dba92.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\8891.tmp.bat
      2⤵
      • Deletes itself
      PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8891.tmp.bat
    Filesize

    179B

    MD5

    6bba2557b229eee6673612d2f56a66c9

    SHA1

    2b89d7fefaf165462ebacb3c19bf4815c6d6fe7f

    SHA256

    a687d652b31bda58e11a652f61e09c8c6fc00295e1947fb1e10ad5011dddcf3c

    SHA512

    93436c3568a14f76775626986a154b14da7eef9ef9384a122977e20b16033ddcfd175d0a93fc005435ef8d1b410973697ca5e557f77b000d8137624eef8bcfd2

    Download Submit

  • \Windows\SysWOW64\rpxlvzvs.dll
    Filesize

    2.3MB

    MD5

    f923c1f8835616ed98f0e01ef13dd2ce

    SHA1

    3029f2d6ff0713b66e05db313228afa7584271f1

    SHA256

    2bc449c33576e0b044f37a55e10cb504ce428fd3de4e31dac7d7bdc86c4dbf16

    SHA512

    0e43ee260e1cbad41f72b74bc89c23d2b5ec6b085db2879e5cc895afc9695186c4dacaab612b80b00266f2772352e9439ae805d46c134f0bc74baa43faf3b52b

    Download Submit

  • memory/2844-0-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2844-14-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2844-13-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2844-25-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download