Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

d391e53151...70.exe

windows7-x64

7

d391e53151...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    8s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 12:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d391e53151717ced83fd384043bcc770.exe

  • Size

    390KB

  • MD5

    d391e53151717ced83fd384043bcc770

  • SHA1

    4e68237d0288f4329b3a4e0b3c718078de0b3e86

  • SHA256

    c24cb705aae5bdfe1558bf6ad3b5cd42719433fdb3128c4b743764740d78c41e

  • SHA512

    c987df559799d3e7ab7c4dc38497b299e5b2075ea0f6e324ddeee29592239565cbd8ac3a7bd35bcbc2ff53b3c451d431288fae073890c3c302ecfcb72914e5f4

  • SSDEEP

    12288:Da1gEN9zyXnMCLW5s8vr+qzxcyI1I7FwwtV4cqxUz:tEN9eX7bSr+qzxXIa1bm+

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d391e53151717ced83fd384043bcc770.exe
    "C:\Users\Admin\AppData\Local\Temp\d391e53151717ced83fd384043bcc770.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4876
    • \??\c:\windows\SysWOW64\msiexec16.exe
      "c:\windows\system32\msiexec16.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2636
      • \??\c:\windows\SysWOW64\msiexec16.exe
        "c:\windows\system32\msiexec16.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:868
        • \??\c:\windows\SysWOW64\msiexec16.exe
          "c:\windows\system32\msiexec16.exe"
          4⤵
          • Executes dropped EXE
          PID:5068
          • \??\c:\windows\SysWOW64\msiexec16.exe
            "c:\windows\system32\msiexec16.exe"
            5⤵
              PID:3376
              • \??\c:\windows\SysWOW64\msiexec16.exe
                "c:\windows\system32\msiexec16.exe"
                6⤵
                  PID:3392
                  • \??\c:\windows\SysWOW64\msiexec16.exe
                    "c:\windows\system32\msiexec16.exe"
                    7⤵
                      PID:4824
                      • \??\c:\windows\SysWOW64\msiexec16.exe
                        "c:\windows\system32\msiexec16.exe"
                        8⤵
                          PID:1068
                          • \??\c:\windows\SysWOW64\msiexec16.exe
                            "c:\windows\system32\msiexec16.exe"
                            9⤵
                              PID:5036
                              • \??\c:\windows\SysWOW64\msiexec16.exe
                                "c:\windows\system32\msiexec16.exe"
                                10⤵
                                  PID:1444
                                  • \??\c:\windows\SysWOW64\msiexec16.exe
                                    "c:\windows\system32\msiexec16.exe"
                                    11⤵
                                      PID:4516
                                      • \??\c:\windows\SysWOW64\msiexec16.exe
                                        "c:\windows\system32\msiexec16.exe"
                                        12⤵
                                          PID:5064
                                          • \??\c:\windows\SysWOW64\msiexec16.exe
                                            "c:\windows\system32\msiexec16.exe"
                                            13⤵
                                              PID:1508

                    Network

                    MITRE ATT&CK Matrix

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Windows\SysWOW64\msiexec16.exe
                      Filesize

                      390KB

                      MD5

                      d391e53151717ced83fd384043bcc770

                      SHA1

                      4e68237d0288f4329b3a4e0b3c718078de0b3e86

                      SHA256

                      c24cb705aae5bdfe1558bf6ad3b5cd42719433fdb3128c4b743764740d78c41e

                      SHA512

                      c987df559799d3e7ab7c4dc38497b299e5b2075ea0f6e324ddeee29592239565cbd8ac3a7bd35bcbc2ff53b3c451d431288fae073890c3c302ecfcb72914e5f4

                      Download Submit

                    • memory/868-10-0x00000000006D0000-0x00000000006D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/868-13-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/1068-28-0x00000000006D0000-0x00000000006D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/1068-32-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/1444-34-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/1444-35-0x00000000008C0000-0x00000000008C1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/1444-39-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/2636-11-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/2636-7-0x00000000007D0000-0x00000000007D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/2636-6-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/3376-22-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/3376-16-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/3376-17-0x00000000006C0000-0x00000000006C1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/3392-21-0x00000000009B0000-0x00000000009B1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/3392-25-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/3392-20-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/4516-38-0x00000000009D0000-0x00000000009D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4516-42-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/4824-24-0x0000000002180000-0x0000000002181000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4824-27-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/4876-8-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/4876-0-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/4876-1-0x00000000007C0000-0x00000000007C1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/5036-36-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/5036-31-0x00000000008D0000-0x00000000008D1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/5036-30-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/5064-41-0x00000000008C0000-0x00000000008C1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/5068-18-0x0000000000400000-0x00000000004EB000-memory.dmp

                      Filesize

                      940KB

                      Download

                    • memory/5068-14-0x00000000009C0000-0x00000000009C1000-memory.dmp

                      Filesize

                      4KB

                      Download