Analysis

  • max time kernel
    131s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/03/2024, 00:33

General

  • Target: c4849207a94d1db4a0211f88e84b0b59.exe
  • Size: 44KB
  • MD5: c4849207a94d1db4a0211f88e84b0b59
  • SHA1: 32ef2a074d563370f46738565ecf9bb53c75909c
  • SHA256: 12a124cc2352f3ef68ddf06e0ed111c617d95cffd807dc502ae474960a60411c
  • SHA512: 4595c476f288edecdf9ddf441ce3ee0c8e2e4d0a69cdb533d157aaed490e6ee181f0844c38f399460b4e39fd7f11be1d561e2ea7b8823a0240f92f11b4a80529
  • SSDEEP: 768:nGJILQETLKVsHTcIFUUNIvKiuFdq/29VujFAPR4NP+s8yNzY:NRTLksHThteedTmjFTNP71Nz

Score: 7/10
Tags: upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4849207a94d1db4a0211f88e84b0b59.exe
    "C:\Users\Admin\AppData\Local\Temp\c4849207a94d1db4a0211f88e84b0b59.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\_check32.bat" "
      2⤵
      • Deletes itself
      PID:2656
  • C:\Windows\SysWOW64\aspimgr.exe
    C:\Windows\SysWOW64\aspimgr.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:1840

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_check32.bat
    Filesize: 179B
    MD5: 8d88836945c0c6c595ea8438b3f3aedb
    SHA1: 51b82432c864476c5b961694ed5a1a9febd204db
    SHA256: e6a5cac5d9df297aeec62b76253215c82f6bd1fae77317542fe2e7e054808366
    SHA512: 87130ab2f8e9cdb892ad54110a82f6edc68f575ff07bbef4cd3fabc4a64b2278879c3daac371eae0e4cf7b80a9c93858a61460dad03f44fa8039ff793060251c

  • C:\Windows\SysWOW64\aspimgr.exe
    Filesize: 72KB
    MD5: 9443e9bbac3b1fb5a21b3bbc3ec92ed1
    SHA1: d6e0e331293b2f769ae031a1645e69ca88a4ee72
    SHA256: 2fef9a1a0eb6d0c1a0f7bbf91633e48ce1f3348c5ffb1a212284fd68ba93907b
    SHA512: c582321e4b59d4b9060460b6bf12709a207ca97a389b07701112d1993e641813076944865d3fda68c75cda611376b4683735da1822949a1c93c8a2a3f3341555

  • C:\Windows\s32.txt
    Filesize: 57B
    MD5: 6d5a6ae5a286557b4bd2dde7d664a33f
    SHA1: 0c0337f8a9b19d0f749547578b4907506c0fcf9f
    SHA256: bd16bd826602c6547a8a95239225ae225df7b3046bd08b8d96c414003cbf12e7
    SHA512: b4d3172657627ec8467d535c4140b02d643009472caa6dc5ea5f898bcc9bab922144bc4a352a22c56e0800087a82ea366ae92134725ed68b20ed7ebaaa2f5e34

  • C:\Windows\ws386.ini
    Filesize: 12B
    MD5: 145a421f70a122cc3f1488ae41d7193d
    SHA1: 473597bdf6f29059803c8d9bbac3d155781f4086
    SHA256: 59f9728f7447230980c9c937606092fa608abadef7e1d0beda91b4ccd8254a38
    SHA512: a93ae89937e81cd39b3b329194007426c13a13b740d623fbdd3429f76b3e9ce7f06a1ba1399962a7bfb0859b8de429ec65fe91183dd23103845e98ea633e0550

  • memory/2208-0-0x0000000000400000-0x000000000041E000-memory.dmp
    Filesize: 120KB

  • memory/2208-15-0x0000000000400000-0x000000000041E000-memory.dmp
    Filesize: 120KB