Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

3e0f59cb64...5c.exe

windows7-x64

10

3e0f59cb64...5c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 19:26 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3e0f59cb649699c6004139763a123b5c.exe

  • Size

    5.9MB

  • MD5

    3e0f59cb649699c6004139763a123b5c

  • SHA1

    33d1b61ec90d7e747ab03cc3563358bcbf73d1cc

  • SHA256

    af1e9014d4c93ccaf1951775e742a2f3ab22aa8c670dc2dab42c4a576e360b55

  • SHA512

    7780b561ecbc4b7d3fbddc677866052a1331c7b9dd451349ef431aacff4873e02bfb722323af3a433a403108f743fb3f68f85427ea65b1471e463823fc7db43e

  • SSDEEP

    98304:dG6q0HqBQgN71haEmfJ7vl003/VfBtaiq2KveJddj8J7Em9S7MxWBvEe0aRKCeAl:A6q0HkQgN1DmfJLO03/Vnaiq2L8dET6S

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e0f59cb649699c6004139763a123b5c.exe
    "C:\Users\Admin\AppData\Local\Temp\3e0f59cb649699c6004139763a123b5c.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DC++ Share\RCX2E04.tmp
    Filesize

    5.9MB

    MD5

    4d98dcee1bfaee6b1e48efad371af4b8

    SHA1

    dfaf735d8c50c621ef974f9b3f27d85ed24c649d

    SHA256

    e9fbec5209aa746c6e2a8044172133668eaad214371617ab0dcbc3787b4892b8

    SHA512

    19c4fdab3737e58a8a778ca5514db7e85cc1c15080644707b9e345ea5a4f2ed43891fc994b059adb2ea74e4737e5c25cc2285a6392fd2ecf355197712f312897

    Download Submit

  • C:\Windows\SysWOW64\xdccPrograms\7zG.exe
    Filesize

    6.0MB

    MD5

    1b3c477075ea2e3d7c0223263cf3f0b5

    SHA1

    2fded85dd149bf4d4ca806a0c334804f099c5d77

    SHA256

    8ab8256ea98d2896e892e518cd07875a384737df6e52097cb09aa33406fab07d

    SHA512

    3a54bc0447ac453918f60f09bce7326f3676d712c62cfcae05c04e3995e0791a30e3f2d07dc755aa1b831de7019bed8f5d32d601a8e622327948426395cd5e75

    Download Submit

  • memory/2872-22-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-15-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-6-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-9-0x0000000000400000-0x0000000000D43000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/2872-8-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-12-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-11-0x0000000077900000-0x0000000077901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-32-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-27-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-17-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-5-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-0-0x0000000000400000-0x0000000000D43000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/2872-13-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-37-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-35-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-30-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-25-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-20-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-3-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-1-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-155-0x0000000000400000-0x0000000000D43000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/2872-156-0x0000000000400000-0x0000000000D43000-memory.dmp

    Filesize

    9.3MB

    Download

  • memory/2872-157-0x0000000000400000-0x0000000000D43000-memory.dmp

    Filesize

    9.3MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.