Analysis

  • max time kernel
    152s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/04/2024, 22:44

General

  • Target

    8a355b6d7dbc4d914251a7996264a1adf9db6cb402158580f66658c1a9ae35ab.exe

  • Size

    49KB

  • MD5

    500e6084bdb332201d7c7e244df9cbf1

  • SHA1

    c355a3f4e3cab880115ad15045261bd21cbff18d

  • SHA256

    8a355b6d7dbc4d914251a7996264a1adf9db6cb402158580f66658c1a9ae35ab

  • SHA512

    a64a81faa07b5cb090ad4fc279cec85cbc87b6bd42e49bafb09d66b17435040319fcaf53df196e86ddfe58d10109105bf384f4c521a338c5041d60befa3265b9

  • SSDEEP

    768:4oMn6f9zSX3e3cZ9SoD8XD33fyEpk58sCuSNcIcXR/QGQeCa57qEvOC2Znm:26f9uusDSoDEXC58kSEYFa1v2CUm

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with the UPX open-source packer or a modified UPX build.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs
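The two UPX signatures above are name-based and entropy-based checks that can be reproduced offline before a sample ever reaches a sandbox. The following is an added example, not tria.ge's own signature code: it parses the PE section table by hand, flags the stock UPX0/UPX1 section names, and falls back to the layout-plus-entropy heuristic (an empty first section reserving the unpacked image, followed by a high-entropy packed section) that still fires when a modified UPX build has renamed its sections. The sample PE blobs are constructed in the block and are not the files from this report.

```python
import hashlib
import math
import struct

# Section names left behind by a stock UPX build. Modified UPX builds usually
# rename them, which is why entropy is used as a second, name-independent signal.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniform random; compressed/packed data sits above ~7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return sections


def upx_indicators(pe: bytes) -> dict:
    secs = parse_sections(pe)
    stock_names = any(s["name"] in UPX_SECTION_NAMES for s in secs)
    # UPX reserves the unpacked image's address range as a first section with
    # no raw bytes on disk (UPX0); the compressed payload follows in UPX1.
    empty_first = bool(secs) and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0
    max_entropy = max((shannon_entropy(pe[s["rawptr"]:s["rawptr"] + s["rawsize"]])
                       for s in secs if s["rawsize"]), default=0.0)
    return {
        "stock_names": stock_names,
        "empty_first_section": empty_first,
        "max_section_entropy": round(max_entropy, 2),
        "likely_upx": stock_names or (empty_first and max_entropy > 7.0),
    }


def build_mock_pe(section_specs) -> bytes:
    """Constructed test input: a PE-shaped blob with a valid header chain and
    section table. Only the fields parse_sections() reads are populated; it is
    not a loadable binary."""
    opt_size = 0xE0                        # PE32 optional header size
    e_lfanew = 0x40
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * len(section_specs)
    table, raw = bytearray(), bytearray()
    raw_off, vaddr = headers_end, 0x1000
    for name, vsize, data in section_specs:
        table += struct.pack("<8sIIII", name.ljust(8, b"\0"), vsize, vaddr,
                             len(data), raw_off if data else 0)
        table += b"\0" * 16                # reloc/line-number/characteristics fields, unused here
        raw += data
        raw_off += len(data)
        vaddr += max(vsize, 0x1000)
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    return bytes(dos + b"PE\0\0" + coff + b"\0" * opt_size + table + raw)


# Constructed section contents: hash output stands in for compressed bytes,
# a zero-heavy byte table stands in for ordinary code/data.
PACKED_BYTES = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4 KiB
PLAIN_BYTES = bytes(1024) + bytes(range(256))

MOCK_UPX = build_mock_pe([(b"UPX0", 0x10000, b""), (b"UPX1", 0x5000, PACKED_BYTES),
                          (b".rsrc", 0x1000, PLAIN_BYTES)])
MOCK_RENAMED_UPX = build_mock_pe([(b".text0", 0x10000, b""), (b".text1", 0x5000, PACKED_BYTES)])
MOCK_PLAIN = build_mock_pe([(b".text", 0x1000, PLAIN_BYTES), (b".data", 0x1000, PLAIN_BYTES)])

if __name__ == "__main__":
    for label, blob in (("stock UPX", MOCK_UPX), ("renamed UPX", MOCK_RENAMED_UPX), ("plain", MOCK_PLAIN)):
        print(label, upx_indicators(blob))
```

Run it against a real file with `upx_indicators(open(path, "rb").read())`. The entropy threshold of 7.0 is a reasonable default for compressed sections but also fires on encrypted resources and some installers, so treat `likely_upx` without `stock_names` as a triage hint rather than a verdict; the sandbox's own "UPX dump on OEP" signature confirms packing by actually observing the unpacked image at the original entry point.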

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a355b6d7dbc4d914251a7996264a1adf9db6cb402158580f66658c1a9ae35ab.exe
    "C:\Users\Admin\AppData\Local\Temp\8a355b6d7dbc4d914251a7996264a1adf9db6cb402158580f66658c1a9ae35ab.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Users\Admin\AppData\Local\Temp\upsec.exe
      "C:\Users\Admin\AppData\Local\Temp\upsec.exe"
      2⤵
      • Executes dropped EXE
      PID:2288
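The process tree above is the generic dropper shape: an executable running out of the user's Temp directory writes a second executable next to itself and launches it. The following is an added example, not part of the tria.ge report, of turning that shape into detection logic over Sysmon-style process-creation events (EventID 1 with `Image`, `ParentImage`, `ProcessId` and `Hashes` fields). The event records are constructed here to mirror this report's tree plus some benign noise; the dropped-file MD5 is the one listed under Downloads.

```python
import ntpath

# Path fragment that identifies the per-user Temp directory on Windows.
TEMP_MARKER = r"\appdata\local\temp\\"


def _in_user_temp(path: str) -> bool:
    return TEMP_MARKER.rstrip("\\") + "\\" in path.lower()


def find_temp_drop_and_execute(events):
    """Return (parent_image, child_image, child_pid, hashes) for every
    process-creation event where a Temp-resident process spawns a *different*
    Temp-resident executable. A process re-launching itself from Temp is
    skipped, since that is common for self-updating installers."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        parent, child = ev["ParentImage"], ev["Image"]
        if not (_in_user_temp(parent) and _in_user_temp(child)):
            continue
        if ntpath.basename(parent).lower() == ntpath.basename(child).lower():
            continue
        hits.append((parent, child, ev["ProcessId"], ev.get("Hashes", "")))
    return hits


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = "8a355b6d7dbc4d914251a7996264a1adf9db6cb402158580f66658c1a9ae35ab.exe"

# Constructed events (not a real Sysmon export): one drop-and-execute pair
# modelled on this report, and three records that must not be flagged.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 2992, "Image": f"{TEMP}\\{SAMPLE}",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 2288, "Image": f"{TEMP}\\upsec.exe",
     "ParentImage": f"{TEMP}\\{SAMPLE}", "Hashes": "MD5=9135D7AF26B51851B136D43EA96FEFE5"},
    # Temp-resident installer handing off to msiexec in System32: child not in Temp.
    {"EventID": 1, "ProcessId": 4100, "Image": r"C:\Windows\System32\msiexec.exe",
     "ParentImage": f"{TEMP}\\setup.exe"},
    # Temp-resident updater restarting itself: same basename, skipped.
    {"EventID": 1, "ProcessId": 4188, "Image": f"{TEMP}\\setup.exe",
     "ParentImage": f"{TEMP}\\setup.exe"},
    # A registry event type, ignored by the rule.
    {"EventID": 13, "ProcessId": 2992, "Image": f"{TEMP}\\{SAMPLE}",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for parent, child, pid, hashes in find_temp_drop_and_execute(SAMPLE_EVENTS):
        print(f"PID {pid}: {ntpath.basename(parent)} -> {ntpath.basename(child)} {hashes}")
```

Legitimate installers also unpack helpers into Temp and run them, so in production this rule is a pivot rather than an alert on its own: join the returned `Hashes` against the sandbox's Downloads list (here, MD5 9135d7af26b51851b136d43ea96fefe5 for upsec.exe) or a reputation source, and weight the hit higher when the parent is itself an unsigned binary that arrived moments earlier.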

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\upsec.exe

    Filesize

    49KB

    MD5

    9135d7af26b51851b136d43ea96fefe5

    SHA1

    17a6f939adda7fd1d8e7efd2ab08e05a2706d4e7

    SHA256

    6da661a1a2ab898671d2437c1d20844ae1a622f3e40d1c5595d57c87b10e1194

    SHA512

    772b4f4fccc733056d07da2e6c5492f57f8ad272d49a59a7a87e8faf6ef662dffe50e803427e476a6ff92b47364587260d550a9b14322517239798e99cf77ed4

  • memory/2288-13-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

  • memory/2288-16-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

  • memory/2288-18-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

  • memory/2992-0-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

  • memory/2992-1-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

  • memory/2992-2-0x0000000004000000-0x0000000004005000-memory.dmp

    Filesize

    20KB

  • memory/2992-4-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB