Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

a0b53d45cb...0c.exe

windows7-x64

8

a0b53d45cb...0c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2024, 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0b53d45cbda284994b819c8cd10530c.exe

  • Size

    6.1MB

  • MD5

    a0b53d45cbda284994b819c8cd10530c

  • SHA1

    5434413b722c4d66453d8ea234b7ef560cd8ec67

  • SHA256

    2ebb208b3eee8ae5e2408617799ad37c87fa0eb5c020bedd25b1c0ce801ca70b

  • SHA512

    0bf484d302b90af055ec17f15ae140b4001b00a04c0cf3a53e7201f9e67621df7a8d4fd1f6ec432a0ea3654ebedc362e4e914f758969071fe281b84abf6f6c04

  • SSDEEP

    196608:kdWGuWW+1JQTHd0BGN0koepw1RygUGdlWV/MH1Vxz:uWGeAJQ50y/0eMV

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
    "C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
      C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
    Filesize

    5.5MB

    MD5

    aba786cca9b7c34082e4e55a50792e78

    SHA1

    ee897210e12b5d4821ba8673f1bf765dbb513c14

    SHA256

    184abe0255004abfda4c8530d3b92764c32b80e64552e44296b77230b8db237b

    SHA512

    f25d266b4c4153797aff20a76ac5584d18627382b0bd42d64e72dc831c429a15e92f2ddec096a55747f478063e481c1d20314e7a6d5335bfd0031e006da4bc26

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
    Filesize

    3.7MB

    MD5

    b471c98176ca63659b98c35f5051f2f8

    SHA1

    77d290fc7e231fd169c4648f087ead9c3109912c

    SHA256

    01787a4d39d4afad8c03276f53538be3c59fe5486deca607f480a8f2b16cc05c

    SHA512

    786d72c9fd06962b9ef5bd8796351df0c117cd07745bd5815395e96de534fce0462b44499b9d8aa6660f72ea2c3e14528892d2183bf3b76e007f192f2beb94f3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
    Filesize

    4.5MB

    MD5

    390416a4798793a565e1c4ad762ed627

    SHA1

    defcb61271d3f99acb7209c142ffd84a5a8c3f33

    SHA256

    0469b8bd7eb6db154edf781d808a30bee09d6fc0f888054f38f7c5d208e88d68

    SHA512

    fbbfed194cd15ed2bd2edaed3f83d03f68259823e2ff4ce923f158dbff03ff5db784a5db3d229eaf3179900cb7a2495c6e0868df2425487553356eb84e1242ce

    Download Submit

  • memory/808-0-0x0000000000400000-0x0000000000AFC000-memory.dmp

    Filesize

    7.0MB

    Download

  • memory/808-6-0x0000000000400000-0x0000000000AFC000-memory.dmp

    Filesize

    7.0MB

    Download

  • memory/808-7-0x00000000049D0000-0x00000000050BB000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/808-12-0x00000000049D0000-0x00000000050BB000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2944-9-0x0000000000400000-0x0000000000AEB000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2944-10-0x0000000000400000-0x0000000000AEB000-memory.dmp

    Filesize

    6.9MB

    Download