Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

winprofile

windows7-x64

7

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04/04/2024, 23:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcfca4565cbc5d565c50ac5321beb9c9797569ce52b8df21f9cc2caad25aa2b4.exe

  • Size

    81.4MB

  • MD5

    f2c4bf49d9d2bf6b68507fddfe4b4882

  • SHA1

    2699920d1e4f0f3623fce7a4f3883106fcb05d69

  • SHA256

    fcfca4565cbc5d565c50ac5321beb9c9797569ce52b8df21f9cc2caad25aa2b4

  • SHA512

    38a535ec1385f4c6e11d4119038095376caf0ba33dac96c6263a79a29faecfd047ef0e014acf0893820cc63f2c0420272ba397662d9495c36b86b2d70baa1e43

  • SSDEEP

    1572864:hB5eZ35ERdfoUrM425QLYhE78X2Iiq6vcF/cfPKF1UfylTgfllqEGJ:hB5eMDgUre3E7acfPC1Ufye9I

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcfca4565cbc5d565c50ac5321beb9c9797569ce52b8df21f9cc2caad25aa2b4.exe
    "C:\Users\Admin\AppData\Local\Temp\fcfca4565cbc5d565c50ac5321beb9c9797569ce52b8df21f9cc2caad25aa2b4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\AppData\Local\Temp\InstallerSoftware_v5j.1h.0\InstallerSoftware_v5j.1h.0.exe
      "C:\Users\Admin\AppData\Local\Temp\InstallerSoftware_v5j.1h.0\InstallerSoftware_v5j.1h.0.exe" -pYJKRCe1x4g1M
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Installer_Software_v1.6a.1y.exe
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Installer_Software_v1.6a.1y.exe"
        3⤵
        • Executes dropped EXE
        PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\error.txt
    Filesize

    78B

    MD5

    dec31f59dd2af4ab31ec413aa18ec2f3

    SHA1

    955bf8155ca4d1f8590a6e25ec29c141c13b0a59

    SHA256

    dc9b10dceae221f53ece250548de7444cbd007b92167bc9ec0d284edebd40a46

    SHA512

    68eb9127b1bde3a38b5754fe8585bc315981ab6371a327fe6a0c8c2c176eed0079a37e465776ea242ba9501be3c096b7de85b26db82a47d16b94c409113893d8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\InstallerSoftware_v5j.1h.0\InstallerSoftware_v5j.1h.0.exe
    Filesize

    80.2MB

    MD5

    b73e09ccf446645e51df979f7b30d675

    SHA1

    91d87430e03795fdb9a4452b57881b792035bf29

    SHA256

    cb9910c5288ea1355744ba8060f73d5629e75136da2d200996cadf2090a6ac0b

    SHA512

    4281a37cda7df3d903ad38c894f947ff0c2787893b818b6d8ca7122ea6e1d9d200f5a80a75d072aa4daa65d34af186629fe1d2262208e59cba41705f472d1c9e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RarSFX0\Installer_Software_v1.6a.1y.exe
    Filesize

    707.7MB

    MD5

    0ba6db3aa0ce411288ef991ecf30b6e2

    SHA1

    a7cb38951d683558346b944b7c4b7ce3fb8ddbc1

    SHA256

    35cb27b07242b7ec59171f28e864a53217e475a516d35f140897801fc0da15bf

    SHA512

    3cf29bc1e7a935786d2ed61d5542b6aefd4ec3936840db5e87fb00a70712f3f479afe571329d33e3ebc16aea126dc51e06dd71a935519b18c05e61a7fa6d02ac

    Download Submit

  • memory/2060-26-0x0000000073A00000-0x00000000740EE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2060-27-0x0000000000B80000-0x0000000001B80000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/2060-28-0x000000002E4A0000-0x000000002E4E0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2060-29-0x0000000073A00000-0x00000000740EE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2060-31-0x0000000073A00000-0x00000000740EE000-memory.dmp

    Filesize

    6.9MB

    Download