Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/02/2024, 17:42 UTC

General

  • Target

    6673441d5e4c3adcbe670fd4025b90549bbc259224653a6795c123d59ff92a30.exe

  • Size

    308KB

  • MD5

    a33262199abfa39774d5f5e69957dde8

  • SHA1

    0792fe4d9f514d587edf772aa6acc6d0879e4974

  • SHA256

    6673441d5e4c3adcbe670fd4025b90549bbc259224653a6795c123d59ff92a30

  • SHA512

    958f569a47284b2ee41e9754d529b80078dcd218cc8a7bbdcf372589f0ea9dbfb8f69ef7b116f6c057edf4159373ed38dcbf17c7757a5f8f0236e68e91b89a88

  • SSDEEP

    6144:Ek4DdotiH8um78UhQyZ72VQShKLzuTHDZnV24lYgfg:L61m7rhQyZiBzegf

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of WriteProcessMemory 12 IoCs
  • System policy modification 1 TTPs 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1160
      • C:\Users\Admin\AppData\Local\Temp\6673441d5e4c3adcbe670fd4025b90549bbc259224653a6795c123d59ff92a30.exe
        "C:\Users\Admin\AppData\Local\Temp\6673441d5e4c3adcbe670fd4025b90549bbc259224653a6795c123d59ff92a30.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Enumerates connected drives
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:2292
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c pause
          3⤵
            PID:2772
        • C:\Users\Admin\AppData\Local\Temp\6673441d5e4c3adcbe670fd4025b90549bbc259224653a6795c123d59ff92a30.exe
          \\?\C:\Users\Admin\AppData\Local\Temp\6673441d5e4c3adcbe670fd4025b90549bbc259224653a6795c123d59ff92a30.exe -network
          2⤵
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1376
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c pause
            3⤵
              PID:2540

Network

MITRE ATT&CK Enterprise v15


Downloads
