Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

65f8738037...18.exe

windows7-x64

7

65f8738037...18.exe

windows10-2004-x64

7

$_3_.exe

windows7-x64

3

$_3_.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    22/05/2024, 04:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_3_.exe

  • Size

    1.8MB

  • MD5

    799caa8125d22c36004c2a67fcacffa4

  • SHA1

    eadd26fa7f4b437d3e9fdd24f937ca2e8a212654

  • SHA256

    29745a486c04a8a2766814c5e0fb752a8dbc7b384a63e398d7262b315a8d49b5

  • SHA512

    7c5d7dc18bf735bd4bf4452c850cc6fb4d3c98d9aa32a9873a4ca43349b6622b599452ee3b71ca07298e2d5aba58ece92815e74574ca1b56abaf7e99ebb4f8c2

  • SSDEEP

    49152:aSNY8H0ZGF5j51XdQTPRPgo/x1NslvUOl/WkMWA:hY00Z8F1XdU

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$_3_.exe
    "C:\Users\Admin\AppData\Local\Temp\$_3_.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\5197.bat" "C:\Users\Admin\AppData\Local\Temp\B6D41BF7D182489995EFEC4265BFD9AB\""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:872
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5197.bat
    Filesize

    214B

    MD5

    739fcc7ba42b209fe44bea47e7a8c48f

    SHA1

    bc7a448a7c018133edcf012bc94301623eb42c5b

    SHA256

    69017cdbbe68396f45e41d211b22d800cc1afc0eadbd3440873038585020315c

    SHA512

    2b2b130798b0f4e534626b9fb5deaa10bb1930e6700ac0ba7cf151c1bf3239039a7032ea67ceed86a4a4dbe981064c42a8e0f88fe8361e27002dd8ceb0ea767a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\B6D41BF7D182489995EFEC4265BFD9AB\B6D41BF7D182489995EFEC4265BFD9AB_LogFile.txt
    Filesize

    9KB

    MD5

    9a664156644c5b6a30090e04dc487e33

    SHA1

    c94533ef67d5b50654edf616878df3dc70a0f5b6

    SHA256

    77d527509d304efff903a02d9718bebb29997ad53a435892b690ea4c4b953de3

    SHA512

    4c2e9cb3c537726f064fccbcb0b6b0de59ad9b0ea545ae14cfd8a637e3481fd65ce5a640765716e9b561a4da566c784fb29381e4987a0e1bc79b16a95aaec257

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\B6D41BF7D182489995EFEC4265BFD9AB\B6D41B~1.TXT
    Filesize

    111KB

    MD5

    d6bd87ff1d141c719e6f3468bf1dec01

    SHA1

    7eb7f6a3dc424e7c669f4755bd36d3cecff71a48

    SHA256

    88dc1a5f183d9e14718c1212640711bb7a61f24cae415a576bfc5bedeb37b67e

    SHA512

    5b52f5ed4303dbf309b62ea4fe254582ef46a7746106db46fa15f95e2cb59520eac0b08a17053f093a9e45db54b86786ab2c9697962334946b30354c952f4ecb

    Download Submit

  • memory/2060-61-0x00000000004E0000-0x00000000004E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2060-184-0x00000000004E0000-0x00000000004E1000-memory.dmp

    Filesize

    4KB

    Download