Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

909d4ea0d3...b6.exe

windows7-x64

7

909d4ea0d3...b6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 22:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    909d4ea0d35b7f78f6b01ec71197d2043405960eae13498bc4f029936a75e1b6.exe

  • Size

    94KB

  • MD5

    bf3ed8613aa1f81316fb516c0bfe2fe5

  • SHA1

    e5d829d2fca465db0cf96ed879aa3b9955c9d1c1

  • SHA256

    909d4ea0d35b7f78f6b01ec71197d2043405960eae13498bc4f029936a75e1b6

  • SHA512

    1e942cc9f8107a98b16f554e8da5c5f6732411bea2b8eac7bd9f8962b64e6c97829f0bbac192726bfc3f7753418b9e33f7f35da97c4217bcaf52793237e574f7

  • SSDEEP

    1536:Sdyql1M7wIIEuti7rEYivykYkpaWj0OlgG7mJAm/lGb3clsH:SdV1Z1i3QKqlgGCJr/lAH

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\909d4ea0d35b7f78f6b01ec71197d2043405960eae13498bc4f029936a75e1b6.exe
    "C:\Users\Admin\AppData\Local\Temp\909d4ea0d35b7f78f6b01ec71197d2043405960eae13498bc4f029936a75e1b6.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\_del.bat
      2⤵
      • Deletes itself
      PID:2504
  • C:\Windows\SysWOW64\sppsrv.exe
    C:\Windows\SysWOW64\sppsrv.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_del.bat
    Filesize

    294B

    MD5

    d8574e18218b262fa731397474b5e4e1

    SHA1

    48ba99ab79a884ffd6fc2b6a3bd8cbdfdd260247

    SHA256

    7a4fbd296ea93fdb713787c3583285a6d621cdd0d5fbc720069b9028f01f9659

    SHA512

    133674179ba050fe00cd23ea5e236daf6bfa2e6247b39b5ada2e3c1aa78ba85d011debb61622f89a9436ded45028ab5e0f0a01ef7ef70533cb4410e04bfe86bb

    Download Submit

  • C:\Windows\SysWOW64\sppsrv.exe
    Filesize

    94KB

    MD5

    96dd3384c8ab2628a53f99d6ed3b2c5d

    SHA1

    09ecffe58c4327247e98cb57e36b8b7fe1f537e0

    SHA256

    b5960daa3f84329e047bcb0402000c332d26d80fabe53de0ea0834b38c46282f

    SHA512

    4b225653f22a4655d79cfe2220f8d18b89f1fb06f184befb285e51587515b5ebfaa31d60e2a4389cdb61d5dc9b2f67199116e23f7f8ac733554f30aec82c1a6e

    Download Submit

  • C:\Windows\SysWOW64\xpwunp.dat
    Filesize

    740B

    MD5

    c98d47ed9bac1d6b52acca1f68224801

    SHA1

    40c98ce2780eb32ed71feb2fc94545e4e619b381

    SHA256

    721fe9f07591731ee8aa17605714aa7119ed1a9807b4f3d0aeabcee622501433

    SHA512

    9fffdf1343d81e6df3cfffc05a9210e48cefbc784ca939ff4efbe94e839a4efff8291fce8e4c14b4630ba3d8e1eb5a506f5560df4001ce9130221d2209e68323

    Download Submit