Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

xeno.bin

windows7-x64

3

Analysis

  • max time kernel
    18s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    11/05/2024, 11:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xeno.bin

  • Size

    37KB

  • MD5

    9a822598e6ce84d9f91568e4b2a590f5

  • SHA1

    d8fc5be1d00112c1f2c27c6ae83a17a1535c148a

  • SHA256

    74f9f2adf655a959c5bf7cef689618672a28546bf6df32cc6e472b047c75c1a1

  • SHA512

    ee820515757a793bb5ca5da6697fa5d6c7e0ff177e5b1f6fe6c1bc629b9eac24fb9e6d7ca7d3337637054a7f00a112038ce3a3e96c49c4df3ef6ed9d5005135f

  • SSDEEP

    768:FEJWJf4tViQOW2GRXslVS8gcuTdSPOaC9Mw1BfiTVNTPrFdy4Y:F8ZtViQz2GRXf8gcMwOa8BfAhPrFd1Y

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\xeno.bin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\xeno.bin
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2672
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\xeno.bin"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    4f20810ceb3a34b8f3b1b1c70a4f9fd3

    SHA1

    771655bc626a8ab933d01f91919f514961f4c67e

    SHA256

    f83394b13ab41ae4f534c2ab6441110240b845427982c3e995f34094a7d6ede6

    SHA512

    a43129ebf7093ed2184d1fd324545c8a4e67f261365d007294676b5c66088fa069cf69ebb16c99a45325f2dc3befa9d13fb18f4ba2e1001ec73994516cc222af

    Download Submit