Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

5

9b7.exe

windows7-x64

7

9b7.exe

windows10-2004-x64

5

Resubmissions

07/05/2024, 15:07

240507-shcz9aeg94 10

07/05/2024, 15:06

240507-sgvhxacc6v 5

07/05/2024, 14:33

240507-rxbv3adh92 7

Analysis

  • max time kernel
    266s
  • max time network
    261s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b7.exe

  • Size

    1.2MB

  • MD5

    3e045f1fa7e08692418b1a21673ed3ec

  • SHA1

    41f9dc3023e480d6722cb18e16ce06395b644165

  • SHA256

    9b72da9d930ab568e000d6b8d833e673206fe655831ac2b7d794263818f8977a

  • SHA512

    e366df7a99809ad1548a8a88aeb961b1acd3431420b8035baf7c7670955833581e6b9594280e0996264f07d4feedaabbb759ad2e2ce16398ab819a9a15da7712

  • SSDEEP

    24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8azO9n4WH9A+8zhy0V2J:ETvC/MTQYxsWR7azCn4WuLrM

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3456
    • C:\Users\Admin\AppData\Local\Temp\9b7.exe
      "C:\Users\Admin\AppData\Local\Temp\9b7.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4372
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\9b7.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:4892
    • C:\Windows\SysWOW64\finger.exe
      "C:\Windows\SysWOW64\finger.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:4112
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:2800

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\aut320C.tmp
      Filesize

      268KB

      MD5

      368bffaed84bc1dbffec8bb31ed9dfdf

      SHA1

      21c7ad2ab70cbe8ef4f1c259a2e91c1a7ceec70d

      SHA256

      b01ff2279a65c0b16bd5b41e9f4eefeafd37d96b0363a1d8729aa6a0bb8d56bd

      SHA512

      90a1049c6e8ec973c17365532caf74bd42ca17bf860ddae633bb26e2ffc9ded25de7cef0782dd0bf36fbb34c74b58c83afc9e5f58a8e998f9d9c7d5234eddc95

      Download Submit

    • memory/3456-19-0x000000000DBA0000-0x000000001040F000-memory.dmp

      Filesize

      40.4MB

      Download

    • memory/3456-38-0x00000000037E0000-0x00000000038BC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3456-31-0x00000000037E0000-0x00000000038BC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3456-30-0x00000000037E0000-0x00000000038BC000-memory.dmp

      Filesize

      880KB

      Download

    • memory/3456-27-0x000000000DBA0000-0x000000001040F000-memory.dmp

      Filesize

      40.4MB

      Download

    • memory/4112-26-0x0000000000D60000-0x0000000000E02000-memory.dmp

      Filesize

      648KB

      Download

    • memory/4112-24-0x0000000000F10000-0x000000000125A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/4112-29-0x0000000000D60000-0x0000000000E02000-memory.dmp

      Filesize

      648KB

      Download

    • memory/4112-20-0x0000000000700000-0x0000000000740000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4112-21-0x0000000000700000-0x0000000000740000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4112-28-0x0000000000700000-0x0000000000740000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4112-25-0x0000000000700000-0x0000000000740000-memory.dmp

      Filesize

      256KB

      Download

    • memory/4372-12-0x00000000025A0000-0x00000000025A4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/4892-17-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/4892-22-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/4892-16-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/4892-15-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/4892-23-0x0000000001000000-0x0000000001023000-memory.dmp

      Filesize

      140KB

      Download

    • memory/4892-18-0x0000000001000000-0x0000000001023000-memory.dmp

      Filesize

      140KB

      Download

    • memory/4892-14-0x0000000001100000-0x000000000144A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/4892-13-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download