Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

e18de2b27a...f1.exe

windows7-x64

7

e18de2b27a...f1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 11:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e18de2b27a663f6846214ec173831bf1.exe

  • Size

    48KB

  • MD5

    e18de2b27a663f6846214ec173831bf1

  • SHA1

    c82de45993410c366d42e736ec677b3652531d14

  • SHA256

    c6eb261246006172d4747f446bc0b0bec89e9a0b620599834ab5d4b75b43d0e3

  • SHA512

    b583c766698835ffa34294d13801fb1444095170817a6e03cdabb0b1283d9e913eb982419d6c078da675c98404f8e40f9ccca7b8af7d98ec71c8ed0ba8c1ea4d

  • SSDEEP

    1536:s2fRz+rGYkk7whkhLEKjQ7HKF7f88P/y4:skz+rGYRwmEGQ7HKF7BPq

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e18de2b27a663f6846214ec173831bf1.exe
    "C:\Users\Admin\AppData\Local\Temp\e18de2b27a663f6846214ec173831bf1.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\_check32.bat" "
      2⤵
      • Deletes itself
      PID:2556
  • C:\Windows\SysWOW64\aspimgr.exe
    C:\Windows\SysWOW64\aspimgr.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_check32.bat
    Filesize

    179B

    MD5

    ab3cdfeecda06f992835fb4715f9499c

    SHA1

    b7f9ea4433b1c4185d7c944d0adbf9c1685757ee

    SHA256

    9e0c0e33134ebeebfe0fc2e666ba55e98a661b27d638180bf8a540d0d9f6c974

    SHA512

    1c7b9db38664994c0ec43a74de317275dc6416d189c0620ad7f88b2f046c778f1be4982d787ea1754a7ce8ebd6b32bbb200558ae15794e6a9fdb945da193381b

    Download Submit

  • C:\Windows\SysWOW64\aspimgr.exe
    Filesize

    76KB

    MD5

    0e90434bff4d9b9a7af1823b4e15ef95

    SHA1

    1cef350445f2ad32e66cf140c61ea23905f217e0

    SHA256

    1b7067c559f7c56387c85efb5607dce2d582b3d61ab1e14076b39572d11d8db8

    SHA512

    2851649ece9b3b3e25679653cf151ea4fcd0b4c7b7c07e1c9da3b19fb31db002f09598ea63f9cea3de516ccad96987dd548242a5386e46d68f5ee7a47cb93dfa

    Download Submit

  • C:\Windows\db32.txt
    Filesize

    100B

    MD5

    0ec43532ebb4cb128756cae16a6c8a1f

    SHA1

    c1003014cd2c0682e59f00fbb195e4926774c45a

    SHA256

    c7ef2d1f7b0b6339ed60881718c5f76cf1b44292ad6b6c7b7fe5cfb4658e7562

    SHA512

    c7d95cd687ad9a3a21057348a5da7f140cae9b29de90a494a6062297a6c7d9a82c6d6c2293e764552e004465cb4d80a4d8cd07915771efd3cf71de00e6aa9086

    Download Submit

  • C:\Windows\s32.txt
    Filesize

    57B

    MD5

    6d5a6ae5a286557b4bd2dde7d664a33f

    SHA1

    0c0337f8a9b19d0f749547578b4907506c0fcf9f

    SHA256

    bd16bd826602c6547a8a95239225ae225df7b3046bd08b8d96c414003cbf12e7

    SHA512

    b4d3172657627ec8467d535c4140b02d643009472caa6dc5ea5f898bcc9bab922144bc4a352a22c56e0800087a82ea366ae92134725ed68b20ed7ebaaa2f5e34

    Download Submit

  • C:\Windows\ws386.ini
    Filesize

    12B

    MD5

    5aad4b42fcb56f2fd21c9f1bc08e997f

    SHA1

    da02214c9d0f66f834649e26fd530c4fc06a0f11

    SHA256

    8123a4f78c7f4d85cc5013d1a962c6ca6601414295c00e5bb7ac24361c40880c

    SHA512

    65728ff669f0ab61004aa5f7bcc8c98970afe7b5fa7b77605348d8218f5399e6ae1cda866d47aa21a54af45ebf4a46ff5fb99d85bc70b290f5d4c0ecf6b6e6ed

    Download Submit

  • memory/1704-0-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1704-16-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download