Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

d596262efa...e2.exe

windows7-x64

10

d596262efa...e2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    03/06/2024, 12:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d596262efab34d7f5a682e38ef17b92eb719b14e5f95215ba781d73ea57889e2.exe

  • Size

    6.1MB

  • MD5

    e44f55a2d7aadbe34e7b10729f9cffb6

  • SHA1

    b8b26b6f74df9b668e06fdd2eb43b7ac455bda77

  • SHA256

    d596262efab34d7f5a682e38ef17b92eb719b14e5f95215ba781d73ea57889e2

  • SHA512

    e0e16b687fd83ab7de6c5f6cc96fbc88edc75faecd2686565573b48a650f9176320491c48ccc60ee4655278f6e6ae24a17565e3ef223a0f776db946662b794d8

  • SSDEEP

    98304:38Guubg9FJTeTdqHSzRmz1bOL+PnXcw799bYO8mMcuNFLOAkGkzdnEVomFHKnP:38GYfJT7PnswZF8vcuNFLOyomFHKnP

Score
10/10
banloaddownloaderdropperevasiontrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • N/A. 6 IoCs

    N/A.

    dropper
  • Modifies registry class 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d596262efab34d7f5a682e38ef17b92eb719b14e5f95215ba781d73ea57889e2.exe
    "C:\Users\Admin\AppData\Local\Temp\d596262efab34d7f5a682e38ef17b92eb719b14e5f95215ba781d73ea57889e2.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3004-0-0x0000000002AE0000-0x0000000002CE0000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3004-7-0x0000000000400000-0x0000000000D6A000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/3004-6-0x0000000002AE0000-0x0000000002CE0000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3004-13-0x0000000000400000-0x0000000000D6A000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/3004-14-0x0000000000400000-0x0000000000D6A000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/3004-11-0x0000000000400000-0x0000000000D6A000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/3004-10-0x0000000000400000-0x0000000000D6A000-memory.dmp

    Filesize

    9.4MB

    Download

  • memory/3004-15-0x0000000000400000-0x0000000000D6A000-memory.dmp

    Filesize

    9.4MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.