Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

9676324180...62.exe

windows7-x64

5

9676324180...62.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 06:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9676324180e2624b259fdd443da55262.exe

  • Size

    10KB

  • MD5

    9676324180e2624b259fdd443da55262

  • SHA1

    b4c54624a4611def7a19ee4373d113cf53c4ebfd

  • SHA256

    7053449b958e04e2ecde4c48f76fc76401226bb6d1ec1b384bcd4102e1557ced

  • SHA512

    58f1461c9c923e3e6574e6a8201a12c6a8c4bb318de10a2e8cc6db6c011b6525fabb65b94371c43d1e5bde2aa727051df8d54388ded46373d78efa8aa61cb56d

  • SSDEEP

    192:I+wLZcz3Jumy2/xRTNnqsLBg1Z9OZtE50lQ3gpdv4DkgUwu0D:I+wLZSJ2gtNnDLBnZaulQQpdwcGD

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9676324180e2624b259fdd443da55262.exe
    "C:\Users\Admin\AppData\Local\Temp\9676324180e2624b259fdd443da55262.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\DeleteFileDos.bat
      2⤵
        PID:2520

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\DeleteFileDos.bat
      Filesize

      176B

      MD5

      495949363519ab9378e10fe2160347bd

      SHA1

      d2465edee504606570cd701e5e1b4fc39143f56f

      SHA256

      2a640bbdf706988a1885dad9c274d3c054fa49761a242febe87a69c673da3481

      SHA512

      420186d034501dc6ad25724bd1d60ac6ac9c0f7a09a64b37df324ac19d678c3770a21474ba3fa13b74db1f04ed0133caa05336431f7bfa4bc404bb7b54a4ef8e

      Download Submit

    • C:\Windows\SysWOW64\qjepri.dll
      Filesize

      15KB

      MD5

      33b499510b2b549df0e182064765cb0e

      SHA1

      41c6967e6114f191d3521641907bde616a1396cb

      SHA256

      4ba8fac02244f88da0decb5b160a3857d53c918592da0c3f7d6a1629d7202651

      SHA512

      632cf73e3f297609d87724b82025da44c1a8fb67c93a82a69f2a3e26e6682e2f2645e29dd1d5ff586fc7480920d880153789109db6bdb458148df10ea43095fd

      Download Submit

    • memory/1708-0-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

      Download

    • memory/1708-18-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

      Download