Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

fd9c7a9528...af.exe

windows7-x64

8

fd9c7a9528...af.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 05:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd9c7a95284cee5e0145b8255e04a8af.exe

  • Size

    84KB

  • MD5

    fd9c7a95284cee5e0145b8255e04a8af

  • SHA1

    70c830fa72a3ac444cfb48feb1e763363f00899e

  • SHA256

    dfa6a6ffe5fa53daddf2403ba5cb9a3c2d99a31463da7edeebb6e9c28af82802

  • SHA512

    0d2e3f869f6828dbe7dbc09e4c468483c9a5bd087bae38bfc7a2723545aaa87bf726c84a20618235b2e21c83074e7a4c403927f78dce40bd394c57dfaf1d1ae3

  • SSDEEP

    1536:7azWlKzJVcNp++yQNS6xNNCT2l8NE8llbpTaCJRpsWr6cdaQTJSvYYm78Rxvp:JFNpo6rIKlUE8fbkqRfbaQlaYYmI

Score
8/10

Malware Config

Signatures

  • Manipulates Digital Signatures 1 TTPs 4 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Modifies registry class 21 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd9c7a95284cee5e0145b8255e04a8af.exe
    "C:\Users\Admin\AppData\Local\Temp\fd9c7a95284cee5e0145b8255e04a8af.exe"
    1⤵
    • Manipulates Digital Signatures
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
      "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
      2⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:2312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab72C2.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7303.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2312-0-0x00000000001D0000-0x00000000001D8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2312-1-0x000007FEF5D90000-0x000007FEF677C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2312-2-0x000000001AF90000-0x000000001B010000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2312-3-0x000000001AF90000-0x000000001B010000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2312-4-0x000000001AF90000-0x000000001B010000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2312-68-0x000007FEF5D90000-0x000007FEF677C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2312-69-0x000000001AF90000-0x000000001B010000-memory.dmp

    Filesize

    512KB

    Download