Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

901091d1b3...2a.exe

windows7-x64

3

901091d1b3...2a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    901091d1b35154bd6f8c9e5290cc6d2a.exe

  • Size

    284KB

  • MD5

    901091d1b35154bd6f8c9e5290cc6d2a

  • SHA1

    1aa515f96aa01e87beb0fe3b55f1f40477611f02

  • SHA256

    be23d644d077e2682547a692629a089b32ae0df9114b5b04c58c08b7eaf7d9c1

  • SHA512

    f29fa97897a1c4da6e50b2b72b3740fc4b68d8ab5c9bdb3acb7ffc7fefeb70955fc39d3a54f814ce150c7b234568e924de99deb0db133f4da9454cfedce9e846

  • SSDEEP

    6144:BgRVQ+ejt8gogKU3tTlinJATQgOXc8LGWUMa/xqqULirwjj/IjS:uQ+ej2FEVlinKQ7GW0rw8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\901091d1b35154bd6f8c9e5290cc6d2a.exe
    "C:\Users\Admin\AppData\Local\Temp\901091d1b35154bd6f8c9e5290cc6d2a.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\tmp.bat" "
      2⤵
        PID:2704
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\tmp.bat" "
        2⤵
          PID:2856

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\tmp.bat
        Filesize

        24B

        MD5

        4462406e1bf8f5b03c0e746a193e94c4

        SHA1

        57863f56b68e501116064f7e80b3d1c3c6a35de2

        SHA256

        8c9e91d266a5baacb45e2d830a665448d36907b48535496f4f774518d0bbc1d1

        SHA512

        ba3a54fcddbe69ca8a92712817e4429bd69a90f0b8736828f6389b095fadca0a378652a65603f38405ae3445d0c9dbab3a8840ac386bda603accd47b4cbc1d71

        Download Submit

      • memory/2176-0-0x0000000000220000-0x0000000000221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2176-17-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/2176-19-0x0000000000220000-0x0000000000221000-memory.dmp

        Filesize

        4KB

        Download