Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5d3cb91c7d...87.exe

windows7-x64

7

5d3cb91c7d...87.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    09/06/2024, 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d3cb91c7d784f67fdb5cf4275d96c36e4e331487e227d3682599856eb24c987.exe

  • Size

    12KB

  • MD5

    ee9e7173cbacb0a1e820d2a96887fa2a

  • SHA1

    70253a73f5f84eec8d0c69989864a275157a5dd7

  • SHA256

    5d3cb91c7d784f67fdb5cf4275d96c36e4e331487e227d3682599856eb24c987

  • SHA512

    8c5761d23978e9ec15e0c5e07b872187ed3ca3a371706d607fac7bd7ad9f0d3058f772e8dcad67e4662e68f61c1b607963d264ae6f851e00d24563ad0ecb73bf

  • SSDEEP

    384:XL7li/2zjq2DcEQvdhcJKLTp/NK9xaO9:bfM/Q9cO9

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d3cb91c7d784f67fdb5cf4275d96c36e4e331487e227d3682599856eb24c987.exe
    "C:\Users\Admin\AppData\Local\Temp\5d3cb91c7d784f67fdb5cf4275d96c36e4e331487e227d3682599856eb24c987.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\k4gmkj23\k4gmkj23.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2420
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2CEA.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc46E603EC33A43DB85E6C848E5BE132.TMP"
        3⤵
          PID:2292
      • C:\Users\Admin\AppData\Local\Temp\tmp2B55.tmp.exe
        "C:\Users\Admin\AppData\Local\Temp\tmp2B55.tmp.exe" C:\Users\Admin\AppData\Local\Temp\5d3cb91c7d784f67fdb5cf4275d96c36e4e331487e227d3682599856eb24c987.exe
        2⤵
        • Deletes itself
        • Executes dropped EXE
        PID:2284

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\RE.resources
      Filesize

      2KB

      MD5

      dab2d3f0b446f5f2183a7b66f47cbdca

      SHA1

      d3936012c41881c1030b2ad42f5b4daf7c5ba53c

      SHA256

      43a3681e0d1949ec22d0c4106abf8d63cdc56708ab3b384e0d8952af81de7b42

      SHA512

      4068171e497d166adea5d6b318edc73bf0a5fcff7be3bd2a18311ec40d6f5ec925cf71c54ba41122e7daab58eddc737f1c7192b32d19d3c31c714b92895c5898

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\RES2CEA.tmp
      Filesize

      1KB

      MD5

      2429d366201c23cf312bbadf7b18cce4

      SHA1

      62771710c0da13d594b327dcfde817646fd56d68

      SHA256

      2e90c00b589e8f6888020588e9590a0d68196930350581e03f2db9596c1150c9

      SHA512

      3cb4ea7fb49c089ed7b4216d1300d9ed17e07535ac533bf03d299e78c989cca10f1d9fb6559ce95827c2abd61e066a79e6e59f48744f00a863500692b0b3ed9b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\k4gmkj23\k4gmkj23.0.vb
      Filesize

      2KB

      MD5

      3a4a87a06e55d550d8a06d95c989cb80

      SHA1

      7c7a08c1b18acc15a15aae87099887d0db34e6c5

      SHA256

      29520876e38d757e286ee4b07a25b1dcf52f6f9c8a4574067a9ea7bab16c7d4f

      SHA512

      8d219624d9009d3d59c4efb07a9d18ea9194825c56e457ba5ee6ac513f13f30d3f8ccfb86d5ed60abe381e47a5c5af7656cdf64f4117482da083a0f2fd3865f0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\k4gmkj23\k4gmkj23.cmdline
      Filesize

      273B

      MD5

      244ce0b1a783d469737c8b724fb33f4e

      SHA1

      8ce086b8a1cde4e36defa528b9a4ac164c7ed919

      SHA256

      a794ff262786468bdb41e12ff98d5e0d79c2caaae235e60f235ce03d44447c46

      SHA512

      0616eceb4279d422e807079d6cad68d68f2567190df7d9498bafe618c9d0ba539d2068e032db26fca2669d29a3fe4f9719a9c47c484a3bcfae582cfab5da357e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\tmp2B55.tmp.exe
      Filesize

      12KB

      MD5

      86fa8ae968cf3f2b980d5b87c3e01255

      SHA1

      3af95b9f9037e727f7d50c56e0c295c75057dce6

      SHA256

      930b6b135a8dd33f85f1249802e287f8d766ae089d09908447d9f187bc328773

      SHA512

      ad4888b52b9adb26b1936d2239ee023b99b4638081e7f7eceb359ff2490f2197416d7b2e595f35918cfbd4f675a456cfee651de27b96912c7ba6737f4efca0cb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\vbc46E603EC33A43DB85E6C848E5BE132.TMP
      Filesize

      1KB

      MD5

      b894df7c8173d15df80d598828c472e6

      SHA1

      cb446fb34cd0a40c4f8bc6393482885248540197

      SHA256

      62ddddc4bc516e8be2634bb43e97d60a119f483cb5ecbaa9942a0a7188d42ad4

      SHA512

      299bce5a066c757a19c4dbaf56d08bb6c2aeed384084f4495a7dc52ebd6b7e67d2883c0a87540aae213c5a69c2cc8a56fb817f56b2e8d0af645bba62fd0113dc

      Download Submit

    • memory/2284-23-0x0000000000360000-0x000000000036A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3056-0-0x000000007441E000-0x000000007441F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3056-1-0x0000000000AC0000-0x0000000000ACA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3056-7-0x0000000074410000-0x0000000074AFE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/3056-24-0x0000000074410000-0x0000000074AFE000-memory.dmp

      Filesize

      6.9MB

      Download