Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

a340b979cb...04.exe

windows7-x64

10

a340b979cb...04.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/02/2024, 07:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a340b979cbca16353c7f40ad38fa8e04.exe

  • Size

    10KB

  • MD5

    a340b979cbca16353c7f40ad38fa8e04

  • SHA1

    4c459b92e92f452b9f2808e1c2bd6e2df7b9b611

  • SHA256

    096be1382aa2c1fb2dbf9ba721741a9a26f6527d521864d56dd2af8c1bbdc6c7

  • SHA512

    0b9a0ce4aafe991ed2b64ef0a3bf140fd1b61cda44741e81f03339d545a4e1d863a39a6f6e4fbf98a0ba34fed17d9c5a18ed4fa9b9489ecb1a79913cff4df511

  • SSDEEP

    192:9muDGimTHdRxpgj/7jSS6qiYsBLIEM4uhVFKvIW8Jt3q1Wap:9muDGTHdRPgX2xqhsVfM4u1KvIW8JUAY

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a340b979cbca16353c7f40ad38fa8e04.exe
    "C:\Users\Admin\AppData\Local\Temp\a340b979cbca16353c7f40ad38fa8e04.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\C0DF.tmp.bat
      2⤵
      • Deletes itself
      PID:2440

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\C0DF.tmp.bat
    Filesize

    179B

    MD5

    b38d7a282c92c874e11e2f8f68ae70be

    SHA1

    648181ff9315587c08f1822430897ee7e57c4941

    SHA256

    27022a73dcdaf2ffaafa6c0701c62db1a96a30684e1f970842ae1c0a0c51d4e2

    SHA512

    7915f9bad3fb9fd4d2df643b3618ec29857e0c96859e97238f8805fa98b0919695f2e44d6796b10ade2c905ce6f9723099e2f251fb72fbe51b7f95bfd8ad7f42

    Download Submit

  • \Windows\SysWOW64\slbiopfs2.dll
    Filesize

    928KB

    MD5

    e407c6b9f000e28438278d9db4bb2bd2

    SHA1

    bf6eb75ab185f45b1ecdf3dccf23ff4a4c42fa07

    SHA256

    0bdf99c689b4c7ef699339f1b1dfc699ccded3e7f64e548e2d607d596a6c53a7

    SHA512

    e7cce39db41db6ffbfe60bcc018e69fda851177ff940421a189efe443f1d740387818c1f44d96b276f381e2663cd11109c075b5f0538af78b3fe4179f115b3f8

    Download Submit

  • memory/2340-5-0x0000000020000000-0x0000000020008000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2340-14-0x0000000020000000-0x0000000020008000-memory.dmp

    Filesize

    32KB

    Download