Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

96f00f7bc2...d1.exe

windows7-x64

7

96f00f7bc2...d1.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 10:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96f00f7bc2bddb1f08983242dab8b0d1.exe

  • Size

    51KB

  • MD5

    96f00f7bc2bddb1f08983242dab8b0d1

  • SHA1

    b7c2c2328cb745137cf717524a41c717cc7b180a

  • SHA256

    7150b18edd48917f35a4f2a8176f6adc382ec19ec14f89d86a07759965ebb7f1

  • SHA512

    e9d5d8df7f6bb1befc5be0bd10188ae7844f71f393d947a6d022b4dc4a87ccef092dc2c66160cb88a65ce6353723bc91ca722c4c0d49aaa69bb7f56cd15e95a0

  • SSDEEP

    1536:Nj/kKcWVvBOeDkuubz2L2yCgj1NxQFloO4P:ZsKccnkuOaqexNxQUO4P

Score
7/10
persistenceupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96f00f7bc2bddb1f08983242dab8b0d1.exe
    "C:\Users\Admin\AppData\Local\Temp\96f00f7bc2bddb1f08983242dab8b0d1.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\ct1dll.dll
    Filesize

    41KB

    MD5

    fb0b3e9eb684907a6a21f6bff3852037

    SHA1

    9e16a8c26cbba086f6246f3d29e9a2a4817d7055

    SHA256

    1de6fda25443b79e2b1bb56a8444cefe8c164a90114b26103bc3f025a4bec913

    SHA512

    56e30bb080459686471e808057ed01a725d59ad48ffee74d66fedee2be3b0571614b69fc183056c36149d94a775204166170681f56bec3274b3e5f1b3977c407

    Download Submit

  • memory/2516-4-0x00000000003C0000-0x00000000003D8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2516-5-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download