Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c83006e7ae...3a.exe

windows7-x64

7

c83006e7ae...3a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 08:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c83006e7ae807153f6fc0f13f4550a3a.exe

  • Size

    761KB

  • MD5

    c83006e7ae807153f6fc0f13f4550a3a

  • SHA1

    66e36a66084c4727b58503fe92a1512bc04c33c8

  • SHA256

    f16d44151db20fb23e0f282931fa937f485e7f0725716238c631a583169c7ff8

  • SHA512

    9fa5df46a1f4b71948d8e25a35fdfc41f6850e93c5b7ac03024bdd426cb138cfc325bca1048644c4ea50a7b184b2fb839aa2f49cabaaee2618e2e4b012818aea

  • SSDEEP

    12288:18IdtzeU0qKiWKQ0zu8zdpDOPReZs8W8R66WZF3Z4mxxbARuxuYT6Vxxa1/:18Idtz77KiWB0KU5OpeK8K6WZQmXbpFT

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 37 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c83006e7ae807153f6fc0f13f4550a3a.exe
    "C:\Users\Admin\AppData\Local\Temp\c83006e7ae807153f6fc0f13f4550a3a.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WINDOW~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WINDOW~1.EXE
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Windows\Delete.bat
        3⤵
          PID:2436
    • C:\Windows\winxp
      C:\Windows\winxp
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of FindShellTrayWindow
      PID:2612

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WINDOW~1.EXE
      Filesize

      128KB

      MD5

      71fd399aa754775b9bbb7ab2936cee3b

      SHA1

      270bdadeec70be60efa5dcd0ef84a54bf9b8f29f

      SHA256

      80d1edb991279fd8567faff0c420320ce04c74a359af20823045057a52e14612

      SHA512

      bd97285e5d17b668af879212e25d020a607156b415a767111d1d56353ab2c91b733b9d5af39061e75a586b0785db58190b82c45409e24e11c4d5d998d0bdbeea

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WINDOW~1.EXE
      Filesize

      64KB

      MD5

      6d2ac884b3824652ac187998f8ca4df7

      SHA1

      701a2ab393a8ad1e0c5c4fc505b01c6d59665601

      SHA256

      497180d89caa11b99fceb03e4b37fa9d16eb86fc80ae26fbb6a638107ceb582c

      SHA512

      ee571c920c90ba488d2b4de2500adee1f5891205cd9aa5abe4feb95a98ea587cccb83f0089549baffdda4b64aa070f0f902b056476a086186d7e798685646dba

      Download Submit

    • C:\Windows\Delete.bat
      Filesize

      160B

      MD5

      a36877fec4fde35c6b0927285e6d751b

      SHA1

      1122da3f21167b4bcaf3866408e06e35d85cca07

      SHA256

      a925132d0062d8b3bd95071e438a82ce0dcb70950cfa56f17a873f99cf6c4618

      SHA512

      2d734ef1843597ecfc2992d1ad822c2374476ee310eee68e73f27f80abe393014a57acc112ad9479f471e4f5919b176b541261d4a46b61931b1308ba51b69758

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\WINDOW~1.EXE
      Filesize

      398KB

      MD5

      f557305e284e3f0008b5556ed0aea4f4

      SHA1

      304af015334bc75d17fd5b81d8788cff929ead6c

      SHA256

      6629b16df99db497d6dc5f08e382e53fecebd6a022ae7e4ba2b0745d7f211f18

      SHA512

      bcb87fe4fdc5f8dc27a5999087b6139ac09a5e355b573372832521d2b8960d20c372d77c67774452625eb473f3650275bea2523795b8dec2d1a027c200d549cb

      Download Submit

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\WINDOW~1.EXE
      Filesize

      155KB

      MD5

      2b2242729835aa9314f65ef230c064aa

      SHA1

      96ea8147b59b424bdee4afb42452fb31d9af070c

      SHA256

      a48c8b89bdd40200d5fb1ca382a5743062debcbf276f3d93ab5b262bbe27bf09

      SHA512

      653bceba3666440c7492ba59de6a1544330986397412134c2dd35ac78e0952347585a5dd8f77cb45bbf74613c03e6c730ce3711b362d74eed524e94cff4a9bef

      Download Submit

    • memory/1964-8-0x00000000001F0000-0x00000000001F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-5-0x0000000000190000-0x0000000000191000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-21-0x0000000000D30000-0x0000000000D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-20-0x0000000000D50000-0x0000000000D51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-19-0x0000000000D70000-0x0000000000D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-18-0x0000000000980000-0x0000000000981000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-17-0x0000000000D00000-0x0000000000D01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-16-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-15-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-14-0x0000000000840000-0x0000000000841000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-13-0x0000000000970000-0x0000000000971000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-12-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-11-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-10-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-9-0x0000000000280000-0x0000000000281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-0-0x0000000001000000-0x0000000001136000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1964-7-0x0000000000200000-0x0000000000201000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-4-0x0000000000210000-0x0000000000211000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-6-0x0000000000180000-0x0000000000181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-22-0x0000000000D20000-0x0000000000D21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-23-0x0000000000D90000-0x0000000000D91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-24-0x0000000000D80000-0x0000000000D81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-35-0x0000000003190000-0x000000000323F000-memory.dmp

      Filesize

      700KB

      Download

    • memory/1964-3-0x00000000001C0000-0x00000000001C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-2-0x00000000001E0000-0x00000000001E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1964-29-0x0000000003190000-0x000000000323F000-memory.dmp

      Filesize

      700KB

      Download

    • memory/1964-55-0x0000000000220000-0x0000000000274000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1964-53-0x0000000001000000-0x0000000001136000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1964-1-0x0000000000220000-0x0000000000274000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1964-43-0x0000000001000000-0x0000000001136000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2612-42-0x0000000000400000-0x00000000004AE09F-memory.dmp

      Filesize

      696KB

      Download

    • memory/2612-51-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2612-57-0x0000000000400000-0x00000000004AE09F-memory.dmp

      Filesize

      696KB

      Download

    • memory/2612-59-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2628-52-0x0000000000400000-0x00000000004AE09F-memory.dmp

      Filesize

      696KB

      Download

    • memory/2628-37-0x00000000002D0000-0x00000000002D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2628-36-0x0000000000400000-0x00000000004AE09F-memory.dmp

      Filesize

      696KB

      Download