Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a43517dacc...a0.exe

windows7-x64

7

a43517dacc...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 16:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a43517daccdad5d036434fa0cb36b5a0.exe

  • Size

    60KB

  • MD5

    a43517daccdad5d036434fa0cb36b5a0

  • SHA1

    d8e43fbc599ceae39122b26851232d09658119a8

  • SHA256

    95961b8f5d59930b6e867f09c19e0b18a06445ce4d1bb8359d59ffbf0d01021c

  • SHA512

    64bd00a98e24b264fbf12055fe51bb051734ecaedba1fd25434a8dd949dab0755b9405e87399ff6e2f02597f0236f0c190d251cbc3c5c5d4f74445a568c0860c

  • SSDEEP

    768:XAaDt+5D+wDmpnIy9NdfbVpWsyqAggqFU84Qt/QAcQVu84Qt/QA:Qqt2+wDmtlusyqFgWJtoApJtoA

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a43517daccdad5d036434fa0cb36b5a0.exe
    "C:\Users\Admin\AppData\Local\Temp\a43517daccdad5d036434fa0cb36b5a0.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Windows\SysWOW64\updatedb94e.exe
      C:\Windows\system32\updatedb94e.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:4948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\cfghw.tmp
    Filesize

    361B

    MD5

    fed513e713a3a892ff3daf9235fb67bd

    SHA1

    e6a48e3a676cc24160e76c1292151ced7c545110

    SHA256

    131d6c04a3295c49b694aace549c433dfe0610e376c54c1c43267e9ed47317b1

    SHA512

    c1dfae49d5a90a265f798345518704eeda7f7ecff6d11bdad5f3fcd96568ec9c7ab7ed15f282f6a5ad04b57022d489572bd0fa551517f8a5af9d0d658fedc6cd

    Download Submit

  • C:\Windows\SysWOW64\cfghw.tmp
    Filesize

    466B

    MD5

    d7f3754acb5258c754d6407d2924bde3

    SHA1

    b1c195764ba742688ac62bdc18168e7dc5f99deb

    SHA256

    aba6b251b738d6b1f2f85917fa15808d0018ccb9e613da3d1f30965844e5777e

    SHA512

    f8390eb5add5727f8cd683332284ba3040a387939ab75ccab472e07701b0117005825f352ee0f34b5aba33f1ce8ae2702db9c5946caf2faf826a399f0ef38a94

    Download Submit

  • C:\Windows\SysWOW64\updatedb94e.exe
    Filesize

    39KB

    MD5

    cdc555406c7ceacc5782eec02d44bb5a

    SHA1

    297908f62efb34be6b24c3cb2982149d76e5ce69

    SHA256

    293e7051a6160af58189b1128799edae1578ae9b9ae842e35b640179d9061a0e

    SHA512

    10617c7089301f9548880f7be0f47124457cf5c6ab0c647a812e9055b8469abb40c5b559e055fc5076ebe795f216a5f7879354954435f720a57d06b849d69b79

    Download Submit

  • memory/1508-0-0x0000000000400000-0x0000000000411000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4948-9-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4948-74-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download