Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2024, 19:01 UTC

General

  • Target

    110ac3af0ae9210dccc86e7b9bd14d7274b80c18630e9b0b4b2c1469ba2ddb1d.exe

  • Size

    1.8MB

  • MD5

    a69c199a4f17c1dfd96b64ff2e3651d1

  • SHA1

    3a441d70c00a5535b8ce8cee93dea0d71536c1a5

  • SHA256

    110ac3af0ae9210dccc86e7b9bd14d7274b80c18630e9b0b4b2c1469ba2ddb1d

  • SHA512

    f629c6172172c0fca384a8308d250ad315ddffcdcb1c595b6029aa7c960780177dedb2c1a01895a64d2332a9c1dab1c760a6097fd3387c25624aeae2232e18ec

  • SSDEEP

    49152:Zi39+084E6W4W8+m/ob49aXZmMA88DOKmX:Y+HVb4W8bG49unDfTX

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (4 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (16 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\110ac3af0ae9210dccc86e7b9bd14d7274b80c18630e9b0b4b2c1469ba2ddb1d.exe
    "C:\Users\Admin\AppData\Local\Temp\110ac3af0ae9210dccc86e7b9bd14d7274b80c18630e9b0b4b2c1469ba2ddb1d.exe"
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Windows\system32\cmd.exe
      cmd.exe /c set
      PID:852
    • C:\Users\Admin\AppData\Local\Temp\~7443456966716773161~\sg.tmp
      7zG_exe x "C:\Users\Admin\AppData\Local\Temp\110ac3af0ae9210dccc86e7b9bd14d7274b80c18630e9b0b4b2c1469ba2ddb1d.exe" -y -aos -o"C:\Users\Admin\AppData\Local\Temp\~5757588230734611182"
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1964
    • C:\Users\Admin\AppData\Local\Temp\~5757588230734611182\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\~5757588230734611182\svchost.exe"
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2632

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~5757588230734611182\msedge_elf.dll

    Filesize: 26KB
    MD5: 457f1e9754479c07bfa7925fd743bdfa
    SHA1: d2c99cca4749da75f5b3dd624943e425205f3828
    SHA256: 2fa643f7c1a47a1c9423d4602e32bed58aa7adf1a40ee112e0ce8c7767f438c2
    SHA512: 11b781260b8a76624663053723789c346e97248e5bc0db1a425a73ee5384ec6e78b25d8e95a28c4b2fd48e6b4ae06872e07fd8a47c2dd80224e606504ac65ab9

  • \Users\Admin\AppData\Local\Temp\~5757588230734611182\svchost.exe

    Filesize: 833KB
    MD5: 9a25c9f4ae1ae0206d0ac670fc26bfb0
    SHA1: ab9e4e3c92a722d0ccec78a5843d99b29d5a65e5
    SHA256: 7e78f5183d1539b90445356a7069b0f610d9b8c69c2be228e5952fe807d1791b
    SHA512: ed7c65b387f8a3aeb06a3e06ed6444a928bdaff816391220a633dbbc18b6d8db65e86889ed1ba9e48d8e88dbb3cae4867a7c3a1ff12f473f36f03639a5b711d1

  • \Users\Admin\AppData\Local\Temp\~7443456966716773161~\sg.tmp

    Filesize: 715KB
    MD5: 7c4718943bd3f66ebdb47ccca72c7b1e
    SHA1: f9edfaa7adb8fa528b2e61b2b251f18da10a6969
    SHA256: 4cc32d00338fc7b206a7c052297acf9ac304ae7de9d61a2475a116959c1524fc
    SHA512: e18c40d646fa4948f90f7471da55489df431f255041ebb6dcef86346f91078c9b27894e27216a4b2fe2a1c5e501c7953c77893cf696930123d28a322d49e1516

  • memory/2308-0-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize: 1.4MB
