Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    125s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/03/2024, 14:30

General

  • Target
    c39a7d32fb3218b464c98f8182c109e2.exe
  • Size
    546KB
  • MD5
    c39a7d32fb3218b464c98f8182c109e2
  • SHA1
    4a7b6ec5274afd2130e83669845ab4644be5d589
  • SHA256
    b3e048c573d798a7bb0e231965aacdf949ff0e92caa7b3a7af3f602096ce5180
  • SHA512
    82cfbff00c329ca86fb6ecb80df9b6e89694c327dc277fa0b638ef44a71645faee7f9144961b61698cc1ba304a4e15bca9bd0531de22bd16edb79e68da2c3733
  • SSDEEP
    12288:EFn39nONzAnJkySMWVpDDRdzY9+Q4li8rwnzZIc/mvY:Ex39gzCJksWVpDDvqkVUzZIumv

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c39a7d32fb3218b464c98f8182c109e2.exe
    "C:\Users\Admin\AppData\Local\Temp\c39a7d32fb3218b464c98f8182c109e2.exe"
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      • Deletes itself
      PID:2312
  • C:\Windows\Hacker.com.cn.ini
    C:\Windows\Hacker.com.cn.ini
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      PID:2208

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\Hacker.com.cn.ini
    Filesize  546KB
    MD5       c39a7d32fb3218b464c98f8182c109e2
    SHA1      4a7b6ec5274afd2130e83669845ab4644be5d589
    SHA256    b3e048c573d798a7bb0e231965aacdf949ff0e92caa7b3a7af3f602096ce5180
    SHA512    82cfbff00c329ca86fb6ecb80df9b6e89694c327dc277fa0b638ef44a71645faee7f9144961b61698cc1ba304a4e15bca9bd0531de22bd16edb79e68da2c3733

  • C:\Windows\uninstal.bat
    Filesize  190B
    MD5       09b4ba31389591f6ad364220461c891f
    SHA1      cc6128df0a34c7d91fdb416562dd9e84526434a9
    SHA256    45c0d36a9709573c158a7ba0af255bcad01fe8809d5eaf0b39db8ce170e9d0b5
    SHA512    69964158fbb397bc84c0b79a2e5325331e0406e1e6d40f23a1a99f726b29785323722cd0c3889bbf2a0d0accfa78446b7a8407e0238f480039a2595709793af7

  • memory/2240-6-0x0000000000400000-0x00000000005A3200-memory.dmp
    Filesize  1.6MB
  • memory/2240-15-0x0000000000270000-0x0000000000271000-memory.dmp
    Filesize  4KB
  • memory/2240-17-0x0000000000270000-0x0000000000271000-memory.dmp
    Filesize  4KB
  • memory/2240-19-0x0000000000400000-0x00000000005A3200-memory.dmp
    Filesize  1.6MB
  • memory/2824-0-0x0000000000400000-0x00000000005A3200-memory.dmp
    Filesize  1.6MB
  • memory/2824-1-0x00000000002E0000-0x00000000002E1000-memory.dmp
    Filesize  4KB
  • memory/2824-4-0x00000000002E0000-0x00000000002E1000-memory.dmp
    Filesize  4KB
  • memory/2824-16-0x0000000000400000-0x00000000005A3200-memory.dmp
    Filesize  1.6MB