Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

01225f09c9...e9.exe

windows7-x64

8

01225f09c9...e9.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/04/2024, 18:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01225f09c9cfe6b65bd30b5af4a41bd6c1f35c94a95e1ab50ae6f9153bb006e9.exe

  • Size

    6.8MB

  • MD5

    7e5bff95ecbbf4f35d41694ff8add1ca

  • SHA1

    7b2d06361147128c423f7c0dbff8e25ee58e80e5

  • SHA256

    01225f09c9cfe6b65bd30b5af4a41bd6c1f35c94a95e1ab50ae6f9153bb006e9

  • SHA512

    84c0d65a6685b8751671dba9d78f1b98576c981aa53e59f269c9a995837a13f3b594989f3f1322be0d19378c6e97796d3871dd349ece4d4e0ea3abb89348c604

  • SSDEEP

    49152:YAP0EYVgRFWi30MZpbyWcS+fOVzaAU6SzqMj4KKUvRULvxhZf/YmDR4/jKBiRqP6:YVrjMif2laEy+UZu5YKBioTnkMGGTwd

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Delays execution with timeout.exe 3 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs
  • Views/modifies file attributes 1 TTPs 4 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\01225f09c9cfe6b65bd30b5af4a41bd6c1f35c94a95e1ab50ae6f9153bb006e9.exe
    "C:\Users\Admin\AppData\Local\Temp\01225f09c9cfe6b65bd30b5af4a41bd6c1f35c94a95e1ab50ae6f9153bb006e9.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\bb7905ba-7ab2-4164-9034-a64dc9e08e43.bat""
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2828
      • C:\Windows\system32\timeout.exe
        timeout /T 1
        3⤵
        • Delays execution with timeout.exe
        PID:2580
      • C:\Windows\system32\attrib.exe
        attrib -r -s -h "C:\Users\Admin\AppData\Local\Temp\01225f09c9cfe6b65bd30b5af4a41bd6c1f35c94a95e1ab50ae6f9153bb006e9.exe"
        3⤵
        • Views/modifies file attributes
        PID:2548
      • C:\Windows\system32\timeout.exe
        timeout /T 1
        3⤵
        • Delays execution with timeout.exe
        PID:2692
      • C:\Windows\system32\attrib.exe
        attrib -r -s -h "C:\Users\Admin\AppData\Local\Temp\01225f09c9cfe6b65bd30b5af4a41bd6c1f35c94a95e1ab50ae6f9153bb006e9.exe"
        3⤵
        • Views/modifies file attributes
        PID:2512
      • C:\Windows\system32\timeout.exe
        timeout /T 1
        3⤵
        • Delays execution with timeout.exe
        PID:2544
      • C:\Windows\system32\attrib.exe
        attrib -r -s -h "C:\Users\Admin\AppData\Local\Temp\01225f09c9cfe6b65bd30b5af4a41bd6c1f35c94a95e1ab50ae6f9153bb006e9.exe"
        3⤵
        • Views/modifies file attributes
        PID:2376
      • C:\Windows\system32\attrib.exe
        attrib -r -s -h "C:\Users\Admin\AppData\Local\Temp\bb7905ba-7ab2-4164-9034-a64dc9e08e43.bat"
        3⤵
        • Views/modifies file attributes
        PID:2452
    • C:\Users\Admin\AppData\Local\Temp\cFdzzThpzntD.exe
      "C:\Users\Admin\AppData\Local\Temp\cFdzzThpzntD.exe" 1
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bb7905ba-7ab2-4164-9034-a64dc9e08e43.bat
    Filesize

    815B

    MD5

    44c9799180bc03725404cbd4e4cec184

    SHA1

    aee0d14e75ce8252bcc0b4d96663a13ca52bf293

    SHA256

    07dce570e1c475590e769587281aa5d9c14b37b0cfcc8c663758022f3a4ee72e

    SHA512

    5af971c06d10a091d102baf01dbe7515e2819f591e779ab356ca419b8dd9e8c69b0ae637c67514f2f231b6caf15b63a4abb03d28d76eedf3a7ad6f5eced7b426

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cFdzzThpzntD.exe
    Filesize

    6.8MB

    MD5

    1eea8635bcd7755c7c410e53872ea616

    SHA1

    6451378ace962ef3971405c8feb791a79ecdb67b

    SHA256

    9583aeeda34adbfa51cdf21ee965673672f022373fe47a17a270a1846794bc3c

    SHA512

    1ba07ef3a2f96556cb719fc11609a8876dfabd7335ec546091c52d34cce4ac5824feab97cef657e3689f009fd7402913efb21f4b51c8a0e62fd9950c9a719799

    Download Submit

  • C:\Users\Admin\AppData\Roaming\gamehelpers
    Filesize

    52B

    MD5

    fc7e7e536120e0d86a5c0b8eaa4b3ef1

    SHA1

    e1ec825ab295a243e546f8330903843804b70de7

    SHA256

    e462109132ebf44db2b09724df5af3ae2c46edd00b9a7285480756eafde9e62e

    SHA512

    24e27bb607c7602ee8e9b374fba184758d447cc82af7abaa0f1a9ceaba19683a8a6cde93309bd606c4ca7a9425e20d10a24010a8ace02f13a36529020a72bf53

    Download Submit

  • C:\Windows\system32\drivers\etc\hosts
    Filesize

    1023B

    MD5

    7cc9babf9adf5c2cd07bdabaa3472d6f

    SHA1

    250b4a1577ff7af4ff2bfe6c336bc6e6fe5c63bf

    SHA256

    4fe971365dec711ff93aa70ada171228ae76a78bcefcd81cc40c77f5e0797baa

    SHA512

    13777defa282354d7879c7a28603cdb9075235c8f4017ff31c53578846e927fa04f29f96093b2824f1528558c978630903e3bd19ef6cde63674d75a307c9150c

    Download Submit