Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8a69b67e8b...69.exe

windows7-x64

7

8a69b67e8b...69.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    09/06/2024, 04:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a69b67e8b8a981a35eec7a6165f968b9a48ff5f0ea2d9c7a2ad8d69c1807f69.exe

  • Size

    34KB

  • MD5

    fd767463478745f789f6195c82359c0a

  • SHA1

    2764e736946ea17a453b015c5c086e21cf550566

  • SHA256

    8a69b67e8b8a981a35eec7a6165f968b9a48ff5f0ea2d9c7a2ad8d69c1807f69

  • SHA512

    12a1dd3fab74aa429c2a359e68c5bd2dd0d46f5acce6d753ab1c7d58600c69c9b91b698fed94bd4ec64ed75368b9c0f48a16f6bb0df03b34afc8a164993e40a2

  • SSDEEP

    768:DqPJtsA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhQ:DqMA6C1VqaqhtgVRNToV7TtRu8rM0wYw

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a69b67e8b8a981a35eec7a6165f968b9a48ff5f0ea2d9c7a2ad8d69c1807f69.exe
    "C:\Users\Admin\AppData\Local\Temp\8a69b67e8b8a981a35eec7a6165f968b9a48ff5f0ea2d9c7a2ad8d69c1807f69.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    35KB

    MD5

    5548a18a3150b7fddd7b99116c7b79bd

    SHA1

    06050c9566066811e1538b3e3db240ccfc8f62c2

    SHA256

    9a4dd5a01f331d28ca65eb15bcaa361c25c90993c5ad7ed6f6242a5dbbcd741c

    SHA512

    7c6101c2b139d8242c2301115077b6624e759927891a562145b5a76178219649e7339ffa5b52437b69421737327057c0ac85f2a14b59172b567670bc48fc391c

    Download Submit

  • memory/1620-7-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2360-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download