Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8f28d13c3e...a5.exe

windows7-x64

7

8f28d13c3e...a5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 12:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f28d13c3ef806664ca602589226daa5.exe

  • Size

    150KB

  • MD5

    8f28d13c3ef806664ca602589226daa5

  • SHA1

    6728f615477b8266ab952c75efd22c2cee3f6c0e

  • SHA256

    b0ec1c7d122a89d3a63908a592b62526f4fcf93672b57550ace10bdd0ac870fe

  • SHA512

    be5d4a2b32d93af5a791a8bb5dad555bdadd9c60a43bb69d45982182521a0053b80f8b4f6f18aae95758edf40a73b777eda3a18451587c3cd405ab2ad89119e0

  • SSDEEP

    3072:79ELyQJ20T0hGgd5xD3Ls2kdMdV6LA4Rx6fBApS57i1ap/:79MJLTQD7sfdMdQA4R+Af1

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f28d13c3ef806664ca602589226daa5.exe
    "C:\Users\Admin\AppData\Local\Temp\8f28d13c3ef806664ca602589226daa5.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Windows\Aqanea.exe
      C:\Windows\Aqanea.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Aqanea.exe
    Filesize

    150KB

    MD5

    8f28d13c3ef806664ca602589226daa5

    SHA1

    6728f615477b8266ab952c75efd22c2cee3f6c0e

    SHA256

    b0ec1c7d122a89d3a63908a592b62526f4fcf93672b57550ace10bdd0ac870fe

    SHA512

    be5d4a2b32d93af5a791a8bb5dad555bdadd9c60a43bb69d45982182521a0053b80f8b4f6f18aae95758edf40a73b777eda3a18451587c3cd405ab2ad89119e0

    Download Submit

  • C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    Filesize

    344B

    MD5

    a48abeccd7b89ba24cec341357876221

    SHA1

    9339835bf49855a17ce7c6e509611e9571f2d1a9

    SHA256

    80626b90b34511b5f6555d2724ff6017e7a69990dd2f2a09a111f592514de08f

    SHA512

    a72f1b6021ed88ac0fcbcc5a03cb3ca4b23d7bb89f10b947bc8ab19f76287f0d3e4023dc0a386f7436e4fe7ac4ea614ccabdfc37522272434c4fb8412a31cdae

    Download Submit

  • memory/2068-35675-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2068-1-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2068-0-0x0000000000290000-0x00000000002BA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2068-14130-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2792-44766-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2792-24681-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2792-8-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2792-49938-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2792-49939-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2792-49940-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2792-49941-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2792-49943-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2792-49944-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2792-49948-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download