Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

83d569563b...27.exe

windows7-x64

8

83d569563b...27.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    83d569563bc7bb6c0bd75831d1de5d7a000e735e82ba4e8927c57b52bc316127.exe

  • Size

    137KB

  • MD5

    3d142afc9ea9c1505a889ada3e6490be

  • SHA1

    ec699ae9291f2d5f398ccd2b92377d7cca0a36fb

  • SHA256

    83d569563bc7bb6c0bd75831d1de5d7a000e735e82ba4e8927c57b52bc316127

  • SHA512

    16dbc86de5b5411f4ceceabdba2b3f418022b4a2635835acb0561228c0de967e74b0d411eab82338411b6620d6cf016b52f004d66d9a59a0beda25f5c1b45b77

  • SSDEEP

    3072:jifwJhNW+Bi8Hd9x5kxAIoqqZaxJtV3hiIEzW4:jywJhNW+Bi8Hd8UZZO3hiIIW4

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\83d569563bc7bb6c0bd75831d1de5d7a000e735e82ba4e8927c57b52bc316127.exe
    "C:\Users\Admin\AppData\Local\Temp\83d569563bc7bb6c0bd75831d1de5d7a000e735e82ba4e8927c57b52bc316127.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3472
  • C:\PROGRA~3\Mozilla\gfuniul.exe
    C:\PROGRA~3\Mozilla\gfuniul.exe -lfdzfzd
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:3164

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\gfuniul.exe
    Filesize

    137KB

    MD5

    dfc248c0f38d8ae569586f9a3c810309

    SHA1

    8268aaf1e581f340a17f6d24ef74d62da77db485

    SHA256

    54eae1fdd2eae062980c025dfaba82c1e5661158d686ac776c8905dff84e42f3

    SHA512

    21eb5f7bad43db0faaa95c8d93a3052b4ac8513c61381abd689a988610d42c5d725d3d8fc874e0e6804ee68752d35dbae3b93cb1e0665416092df6e323221cb8

    Download Submit

  • memory/3164-10-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3164-12-0x0000000000E20000-0x0000000000E7B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/3164-19-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3472-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/3472-1-0x0000000002170000-0x00000000021CB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/3472-9-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download