Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bbf48e9e6e...d2.exe

windows7-x64

7

bbf48e9e6e...d2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/05/2024, 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bbf48e9e6efde3b96dcac6b37318a8b7c78924e5211283ff23787b1b76f2f9d2.exe

  • Size

    94KB

  • MD5

    3568eb4c82f3892e5df1557b21ab4fef

  • SHA1

    e45b568a39d7c95236197849145284bbced7c7e3

  • SHA256

    bbf48e9e6efde3b96dcac6b37318a8b7c78924e5211283ff23787b1b76f2f9d2

  • SHA512

    c1bd8b7932284bce63bd38861e9c3cc6b8d147eca7b878830ec220f1947f40356826cabce2095bdb8e7f9a6253d9b2b4a20fb81f6fa9d707ec439bb2ba8e59b3

  • SSDEEP

    1536:Sdyql1M7wIIEuti7rEYivykYkpaWj0OL+G7mJAm/lGAuJMLF4vsnXWkW316:SdV1Z1i3QKqSGCJr/lkJ6FQsnR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bbf48e9e6efde3b96dcac6b37318a8b7c78924e5211283ff23787b1b76f2f9d2.exe
    "C:\Users\Admin\AppData\Local\Temp\bbf48e9e6efde3b96dcac6b37318a8b7c78924e5211283ff23787b1b76f2f9d2.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\_del.bat
      2⤵
        PID:3040
    • C:\Windows\SysWOW64\sppsrv.exe
      C:\Windows\SysWOW64\sppsrv.exe
      1⤵
      • Executes dropped EXE
      PID:4924

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_del.bat
      Filesize

      294B

      MD5

      8b59813ec187595e99c410080b572d75

      SHA1

      87cd2fbaf69845684e867da1495d464218660142

      SHA256

      23da1d260f3b83e636c8ebeb93f5690e69da2fedc3bd46bcbb08a0c4f4d1e375

      SHA512

      336fd974c0e69bd3609427c4c6a91b5dada52ff3e334671278cd4f2938f25780121de5f371caad83dc9bdab463016d4f166bfe4a3116fe9e8b3e31b911c8a4bf

      Download Submit

    • C:\Windows\SysWOW64\sppsrv.exe
      Filesize

      94KB

      MD5

      bf961f972b12877f6e6dd5d8a79474ed

      SHA1

      4a24cbee72756e69f6bf038487e8b21a0f48572d

      SHA256

      3bb785d914c1e138b14aefc40a68632eda90ca8ee8d7fb33ad963b4b9812aa3a

      SHA512

      ccf49be9edff0383b0a77d1aeb9a2d55d5ea6b46b83e928aed8d8b23c7bd851a0f5676e3a6ee88ee6c7161281b16f9527df55e82ece38940e3bd262779f22431

      Download Submit

    • C:\Windows\SysWOW64\xpwunp.dat
      Filesize

      740B

      MD5

      573ddf096af977302a682cdd2d5bc3df

      SHA1

      a31c79b73df67aa0831c1da69722a61b772eded4

      SHA256

      c519b797c58eb956c809846e96af697f9bf69da6c183f663e860510d1b8e82dd

      SHA512

      4b9b739111328f5deb898335707a5dfeb861aa35d2463f00e9d5fad13dd25b183258487d220a4c4a455a728de250066267c4cb73f47c0c9fb9c015143049776b

      Download Submit