Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

156414d5db...c6.exe

windows7-x64

7

156414d5db...c6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03/06/2024, 18:59 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    156414d5db138d063f8bad62a8c87a78619599a8ab1bf3cd6ecadc7ccd0d82c6.exe

  • Size

    12KB

  • MD5

    0f7455444721bf52547e4070f54b8445

  • SHA1

    d7b7612e820d2c48b86bcc3527c2928357bf881e

  • SHA256

    156414d5db138d063f8bad62a8c87a78619599a8ab1bf3cd6ecadc7ccd0d82c6

  • SHA512

    da3283394e6eaeda375ca271f5b3b81822055e6bf2aa4737d87489f0af07efd368b33962b383e8134d3581ef868b9aa944a6d4e26a46a7609314c219f86ef366

  • SSDEEP

    384:6L7li/2zfq2DcEQvdhcJKLTp/NK9xaW2r:krM/Q9c1r

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\156414d5db138d063f8bad62a8c87a78619599a8ab1bf3cd6ecadc7ccd0d82c6.exe
    "C:\Users\Admin\AppData\Local\Temp\156414d5db138d063f8bad62a8c87a78619599a8ab1bf3cd6ecadc7ccd0d82c6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\brfhzkd3\brfhzkd3.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3020
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1DBE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc95D6FCAEB7E6495C9310AC90AD7952F.TMP"
        3⤵
          PID:2564
      • C:\Users\Admin\AppData\Local\Temp\tmp1CE4.tmp.exe
        "C:\Users\Admin\AppData\Local\Temp\tmp1CE4.tmp.exe" C:\Users\Admin\AppData\Local\Temp\156414d5db138d063f8bad62a8c87a78619599a8ab1bf3cd6ecadc7ccd0d82c6.exe
        2⤵
        • Deletes itself
        • Executes dropped EXE
        PID:2572

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\RE.resources
      Filesize

      2KB

      MD5

      9e9cdbee36c64c74d4902a58a4aafbe6

      SHA1

      08a50e2077ee3cd8658a537e5afee8d9cdae75d7

      SHA256

      40373a534b91478adeb58481ddff312d5f1b72f0c5c9f35721b79afeaf012e1f

      SHA512

      55d84a5ef92bc0790fb6da475a2bab439df8619cd45443db814f6f261350e46a71ddf4f9cd3a7541057ef33c489776b57dd319bfd774a010d02e06840a30f9d4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\RES1DBE.tmp
      Filesize

      1KB

      MD5

      91c0d2ca2a5c9b7ab1103b91fbb335b5

      SHA1

      77519b4e57a0e4c236eb41c653bc1cdd62734183

      SHA256

      e1672f973512059be9a8ee75042b89da2f8cb00ea4c55260ae0a558a022ee94c

      SHA512

      2ded51d5e0134eaaae9a2a3f676135fe5e7b9db075a7b3a5ba0c75d2dd87694d56a913dde90d02c30e23f50638cbf3d8c92dd81dab63b5861d10352e244d9c61

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\brfhzkd3\brfhzkd3.0.vb
      Filesize

      2KB

      MD5

      91bd59587bf25271221af97fc25e3708

      SHA1

      cbc794aa79954727fb2fa57d46675064243e8f33

      SHA256

      7b9a7796d534c9afa5c76e422a565dc913673e4fe35f30341eadb1ecbcff07da

      SHA512

      55f963e0a5733aab94f5bec15d116c93593189d1c0540ff893ce46c136acd6c7e8db3972ac1a9539ced45ba67359ed67ccdeb33615479b7eda05bc73cbaa4159

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\brfhzkd3\brfhzkd3.cmdline
      Filesize

      273B

      MD5

      e72e0b941b61fdc0c271a5ca35a090ab

      SHA1

      2c1b5aa3682ce52fd92d94e919acf2f624ca740f

      SHA256

      2da312cf871d7c4b1eb2844c637957a2b0522f0c8941159cda920db7f47929d6

      SHA512

      017cca32b2a347bc20d7374aa1157a448b1a31422ba33bff3353cf0e981d35a4be53d34ba8c564e42fd2d464193fc9d8886e42590d4a767fa28e684fdfeb8875

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\tmp1CE4.tmp.exe
      Filesize

      12KB

      MD5

      e2d562082178d22ca064666ab00fe22c

      SHA1

      2cf6f71eb810e7eb00853239b6b0cbeed56250db

      SHA256

      de9dd161816a53633a54b1920b94a335c93a89bf712888aceab4fe06dcf29e4d

      SHA512

      765706e923cde9ed5ca005d576c5665e48d60ef93f4f530cde5b8eb2f5ed82c82eeb2ddb96773271754119c17344e39cd75db1dc300f05b5649b7d3ab89ef2f7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\vbc95D6FCAEB7E6495C9310AC90AD7952F.TMP
      Filesize

      1KB

      MD5

      f7cb1bd4282c722421a575eb5eb0ccea

      SHA1

      95341126457aa61a3510a1261f920a310b781b22

      SHA256

      fe7443b8d71909145d723c18551a558ef3ff99017e78651b7bdb41aba2cd145e

      SHA512

      368ba332f4c2dfb6bddf7dc407a2fa94a0143cdd01e20016c3119ba084d5ebfb659db0d47160affacff8f6ae4cdfe06392ff18e88850eb76532aef65c53757fc

      Download Submit

    • memory/2144-0-0x0000000074ADE000-0x0000000074ADF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2144-1-0x00000000000E0000-0x00000000000EA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2144-7-0x0000000074AD0000-0x00000000751BE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2144-24-0x0000000074AD0000-0x00000000751BE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2572-23-0x0000000000CA0000-0x0000000000CAA000-memory.dmp

      Filesize

      40KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.