Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Isisvideo.exe

windows7-x64

7

Isisvideo.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Isisvideo.exe

  • Size

    55KB

  • MD5

    e75eef82eba9fb4946d6e9d42abd4fe5

  • SHA1

    e1bc20e9648028ceca5a5f27549ac0c13aeb23f4

  • SHA256

    edbf9376617abec8a3f8ca5726171917c6c690ca9471f38421cfcaab2e79a467

  • SHA512

    0869606a04aac1a46572e1366855cbb711e1bd92950dfb9924fc1cfb17188529e6bf542e9213d20373f86c0628f587efd9891ba8125a6992b61833c189fa5469

  • SSDEEP

    1536:x1qTXQOp6mG/Lqa823grKUfMQ7UnPQ1Bx:ozp6mOZ8ZhfNUnPQx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Isisvideo.exe
    "C:\Users\Admin\AppData\Local\Temp\Isisvideo.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Windows\SysWOW64\CMD.exe
      CMD /C Copy C:\Users\Admin\AppData\Local\Temp\ISISVI~1.EXE C:\Users\Admin\AppData\Local\Temp\pokemon.exe
      2⤵
        PID:2156
      • C:\Windows\SysWOW64\CMD.exe
        CMD /C Start C:\Users\Admin\AppData\Local\Temp\pokemon.exe
        2⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2752
        • C:\Users\Admin\AppData\Local\Temp\pokemon.exe
          C:\Users\Admin\AppData\Local\Temp\pokemon.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1428
          • C:\Windows\SysWOW64\ipconfig.exe
            ipconfig /flushdns
            4⤵
            • Gathers network information
            PID:2672
          • C:\Windows\SysWOW64\ipconfig.exe
            ipconfig /renew
            4⤵
            • Gathers network information
            PID:2676
          • C:\Windows\SysWOW64\CMD.exe
            CMD /C Start C:\Users\Admin\AppData\Local\{NRAI8~1\efcokq2t.exe
            4⤵
              PID:2684

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\pokemon.exe
        Filesize

        55KB

        MD5

        e75eef82eba9fb4946d6e9d42abd4fe5

        SHA1

        e1bc20e9648028ceca5a5f27549ac0c13aeb23f4

        SHA256

        edbf9376617abec8a3f8ca5726171917c6c690ca9471f38421cfcaab2e79a467

        SHA512

        0869606a04aac1a46572e1366855cbb711e1bd92950dfb9924fc1cfb17188529e6bf542e9213d20373f86c0628f587efd9891ba8125a6992b61833c189fa5469

        Download Submit

      • memory/1428-9-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1804-6-0x0000000000400000-0x0000000000414000-memory.dmp

        Filesize

        80KB

        Download