Analysis

  • max time kernel
    121s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/04/2024, 04:31

General

  • Target

    f1736d2df5184c5f076b522de328845b7e7b32d81ac05aa2c03daf6096bc45f4.exe

  • Size

    249KB

  • MD5

    858c2faf6e30e22a3538ca9a8f16594f

  • SHA1

    e737b62c01bb087998634ed824d13c6692a8ddfa

  • SHA256

    f1736d2df5184c5f076b522de328845b7e7b32d81ac05aa2c03daf6096bc45f4

  • SHA512

    255ece43bf5142004daef79f78ad8238803a1df4a65c044ef8cbc07029c7e5812b1c309cd7640124976a748dca3b091709b289c6b972c75a45bda26a50a7dfa0

  • SSDEEP

    3072:MRAhhcsxgAJuK7bZD01GoI0ONtNmlngmx5MOatnF0TWLwFqoLnbrfZ2wYdc87jbt:MRAhhJxX7bNIFlvWLcDffZMX31L7

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1736d2df5184c5f076b522de328845b7e7b32d81ac05aa2c03daf6096bc45f4.exe
    "C:\Users\Admin\AppData\Local\Temp\f1736d2df5184c5f076b522de328845b7e7b32d81ac05aa2c03daf6096bc45f4.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Windows\svchost.exe
      C:\Windows\svchost.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Modifies registry class
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\concp32.exe

    Filesize

    260KB

    MD5

    29aa20bcab464bf62fa5591b650538a7

    SHA1

    6c2c92165c08fee06d729610be8065c608ea2e83

    SHA256

    686986cf27efc0b51659eefbd28d9d5aa50a3106f6a59cdea20adaf7803b0421

    SHA512

    b286be2b2746e38a24b2120e5aab9255d4b2f371670c563995a82e6c2370abf344954f024de63e09ceb90bb5fd6ba1d037b2d1b341c5caff975110864cc92f5f

  • C:\Windows\svchost.exe

    Filesize

    252KB

    MD5

    131ad2ac379cf27c0a3ae5fff484d927

    SHA1

    018a3659d786065e576db56c719f55118315d31e

    SHA256

    25747977140d17b848a5f0f3af163a730ecad204a411ae6facb0966bd07caec5

    SHA512

    fe4b7cd27ad00b2db4f11125f3a65c886df8ae753fffb96bb860bc5bae6bb7533b68b9599c634c46d7f5e64e675081de2b5ab59da0630b7d3630e7c4d05b3bfb

  • memory/2408-15-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

  • memory/2864-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

  • memory/2864-14-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB