Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c482288399...ad.exe

windows7-x64

7

c482288399...ad.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 00:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c482288399f315ca8c2430b8f2d4dead.exe

  • Size

    524KB

  • MD5

    c482288399f315ca8c2430b8f2d4dead

  • SHA1

    a48232f3da22b10e6fb3083e82c6cf0f89c1e9fc

  • SHA256

    6120e989002e9bbd3f9e3ebe242168aaebded7991a682db545ad7b28d85b5dde

  • SHA512

    2d9bb90ea4fb261f1cf206b58d797ee8db4f6cdab0aa0a71ba926079caeb4ce411c960d80a28499d7235204a885e42cd8998b8092a6d61408d6160660f2a3c24

  • SSDEEP

    12288:M4g1PZwpgiE9j8fLITQJ9ma9osmXpljAQ7fqJJbv0:+w4LMJ9+9Xp6Q4v

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c482288399f315ca8c2430b8f2d4dead.exe
    "C:\Users\Admin\AppData\Local\Temp\c482288399f315ca8c2430b8f2d4dead.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\ProgramData\jK01803LaMoC01803\jK01803LaMoC01803.exe
      "C:\ProgramData\jK01803LaMoC01803\jK01803LaMoC01803.exe" "C:\Users\Admin\AppData\Local\Temp\c482288399f315ca8c2430b8f2d4dead.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\jK01803LaMoC01803\jK01803LaMoC01803
    Filesize

    192B

    MD5

    e5132d20d11abf31793c6114b0a277c9

    SHA1

    81abf8be2ebd8f3fbd8e2d7667877d70e1e5c2c6

    SHA256

    8350dc5ea7a067dd2a330d7f3059c5b9aa7c961adc817ea72973c387abcf9887

    SHA512

    a2eb076c77f5332a3fa1b2e5057c3c63ae51aa003bd8784613d366065bdd64828f602756d160e0fa614f4d10c13b2f72c6ff6541a769cf0691309f62473ebb8e

    Download Submit

  • C:\ProgramData\jK01803LaMoC01803\jK01803LaMoC01803.exe
    Filesize

    232KB

    MD5

    103d72a6763b23c6bfaa0da3966a6514

    SHA1

    adbbe582b693817c6194695f59ce0636e476e073

    SHA256

    85cabac69c15f0632117f38b7873020262107dcc8dd413480968c69ec1fc2b21

    SHA512

    a8bf06b34aad74b953843ce15369bc91998cc30c0c69f8b3ecfa958046e3df0c9b386c614e0f48861edf97f10dafa59bcbb2739c361c5c4d14e699bd29643d13

    Download Submit

  • \ProgramData\jK01803LaMoC01803\jK01803LaMoC01803.exe
    Filesize

    524KB

    MD5

    5fdd579f72f9b60edcb024f51fc8b2f3

    SHA1

    b3b6bd34203e96f5cb169c1d70d68d2337edf56b

    SHA256

    fe3c1dd4a3cebd2bf9b2576ae74473549e7becfe4f953985e90f946471ad2b1d

    SHA512

    253881269eb8701622705e5418e026ebe043acf5f8b3f9d7e41388852da7c54320241453547cacafbb9a02c6639c1707e367520eaf7ba45f2ad46f5c3b053a2e

    Download Submit

  • memory/2024-18-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2024-1-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2024-2-0x0000000000670000-0x0000000000770000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2872-20-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2872-21-0x0000000000680000-0x0000000000780000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2872-30-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2872-32-0x0000000000680000-0x0000000000780000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2872-40-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2872-53-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download

  • memory/2872-54-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

    Download