Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c45a6b50e9...ec.exe

windows7-x64

7

c45a6b50e9...ec.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 23:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c45a6b50e9ab1a2c3b1b3e0c848e60ec.exe

  • Size

    744KB

  • MD5

    c45a6b50e9ab1a2c3b1b3e0c848e60ec

  • SHA1

    d9341271f44f564ac439d3efb6eaaa54a414d8fa

  • SHA256

    d8f172a8806c2d88522bcc2d07e5b123f7d59d36b3e0fa83b4c2ff167afbfea8

  • SHA512

    88a9d9665a28b27e49bf86d82d81930e33af6a97e52402587a6cf07d87c32e2f958a07220c280bb3518fdcf65923546f455def721b27109db51f62f8e378a023

  • SSDEEP

    12288:vBELjEV2tIJcEndCAFsnxCvgJAXV80BVrBoiaQNetqWQffG:vBEIAAFsxSgJeJy3qWse

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c45a6b50e9ab1a2c3b1b3e0c848e60ec.exe
    "C:\Users\Admin\AppData\Local\Temp\c45a6b50e9ab1a2c3b1b3e0c848e60ec.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.BAT
      2⤵
      • Deletes itself
      PID:2624
  • C:\Windows\WAPH.exe
    C:\Windows\WAPH.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Program Files\Internet Explorer\iEXpLOrE.exE
      "C:\Program Files\Internet Explorer\iEXpLOrE.exE"
      2⤵
        PID:2568

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\WAPH.exe
      Filesize

      744KB

      MD5

      c45a6b50e9ab1a2c3b1b3e0c848e60ec

      SHA1

      d9341271f44f564ac439d3efb6eaaa54a414d8fa

      SHA256

      d8f172a8806c2d88522bcc2d07e5b123f7d59d36b3e0fa83b4c2ff167afbfea8

      SHA512

      88a9d9665a28b27e49bf86d82d81930e33af6a97e52402587a6cf07d87c32e2f958a07220c280bb3518fdcf65923546f455def721b27109db51f62f8e378a023

      Download Submit

    • C:\Windows\uninstal.BAT
      Filesize

      190B

      MD5

      7cb32f687e3f878291812b9cd669c864

      SHA1

      bef2b4c931fff6b355931759b47648d0cc2bb775

      SHA256

      f73f781c7f8232ff551a3866b172d00151831afefb4e48172c0f7d3622a12e7d

      SHA512

      2a9df2a164271d5e06c57c456372a65958765bdbc12e8dd7ef2da4ba74cf60ed00c36e36cb7e181ef63c3c1863ebbc659340aba0e4e4f4f0eeaee6f22386c825

      Download Submit

    • memory/2028-5-0x0000000000400000-0x00000000004C2200-memory.dmp

      Filesize

      776KB

      Download

    • memory/2028-6-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2028-17-0x0000000000400000-0x00000000004C2200-memory.dmp

      Filesize

      776KB

      Download

    • memory/2028-19-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2028-20-0x0000000000400000-0x00000000004C2200-memory.dmp

      Filesize

      776KB

      Download

    • memory/2028-26-0x0000000000400000-0x00000000004C2200-memory.dmp

      Filesize

      776KB

      Download

    • memory/2984-0-0x0000000000400000-0x00000000004C2200-memory.dmp

      Filesize

      776KB

      Download

    • memory/2984-1-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2984-15-0x0000000000400000-0x00000000004C2200-memory.dmp

      Filesize

      776KB

      Download