Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

363aeefc9a...2b.exe

windows7-x64

9

363aeefc9a...2b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 20:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    363aeefc9adb17cdc816347f4ce7ae519eb89e4ef2ab12f48da5401c5767802b.exe

  • Size

    88KB

  • MD5

    672986c018e259d92efb948d60fe0d50

  • SHA1

    650b11fbd0d94cc539d94e13b462479e6a483a5c

  • SHA256

    363aeefc9adb17cdc816347f4ce7ae519eb89e4ef2ab12f48da5401c5767802b

  • SHA512

    173a99b17ccafc45d8de5c5646e66e73b89cc3f528be87b5f1c9094f155ecdf1cc2ce407397f8dc89582b33d2162fee61d65ea1a77dfc93c459c5a67e0f81cd0

  • SSDEEP

    1536:ahUDofByDJWbMGcEFLPEPKOJUsy1+VMA:aIofBHbKMP0PvMA

Score
9/10
persistenceupx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 7 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 44 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\363aeefc9adb17cdc816347f4ce7ae519eb89e4ef2ab12f48da5401c5767802b.exe
    "C:\Users\Admin\AppData\Local\Temp\363aeefc9adb17cdc816347f4ce7ae519eb89e4ef2ab12f48da5401c5767802b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Users\Admin\AppData\Local\Temp\363aeefc9adb17cdc816347f4ce7ae519eb89e4ef2ab12f48da5401c5767802b.exe
      "C:\Users\Admin\AppData\Local\Temp\363aeefc9adb17cdc816347f4ce7ae519eb89e4ef2ab12f48da5401c5767802b.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\POAJA.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1248
        • C:\Windows\SysWOW64\reg.exe
          REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Video Driver" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\config\explorer.exe" /f
          4⤵
          • Adds Run key to start application
          PID:2452
      • C:\Users\Admin\AppData\Roaming\config\explorer.exe
        "C:\Users\Admin\AppData\Roaming\config\explorer.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2216
        • C:\Users\Admin\AppData\Roaming\config\explorer.exe
          "C:\Users\Admin\AppData\Roaming\config\explorer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1572
        • C:\Users\Admin\AppData\Roaming\config\explorer.exe
          "C:\Users\Admin\AppData\Roaming\config\explorer.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:1988
          • C:\Users\Admin\AppData\Roaming\config\explorer.exe
            "C:\Users\Admin\AppData\Roaming\config\explorer.exe"
            5⤵
            • Executes dropped EXE
            PID:3056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\POAJA.bat
    Filesize

    149B

    MD5

    fc1798b7c7938454220fda837a76f354

    SHA1

    b232912930b2bc24ff18bf7ecd58f872bbe01ea0

    SHA256

    7f0a5917b5aca9c5beb153aad0ef95bf0aeafb83768da5b086c3f029ba42d7c8

    SHA512

    d1abdd45a8e5d33893b9d19424174a07feed145d2e6b4be318ab5fde503f850579a4a101a010f30e16ecde2c7123f45357a8341214655321ee0f0097ca911331

    Download Submit

  • C:\Users\Admin\AppData\Roaming\config\explorer.exe
    Filesize

    88KB

    MD5

    aa7c429b2fe5028b1e7e573bb98334cf

    SHA1

    ffd657e864ea0b44477f3891c7004f8880d1bf29

    SHA256

    d4dd9c28867852fe0c60b38a33655b9f49e1ff24f187c6e215db524bf6cd9fbb

    SHA512

    6084105b4dc3f95bd6087e42beb689d5274a8680fc1d7dc296d8145afd1547f0fbf947dd2d204bd0db673a83fa74ded1b91985ea6c9b4231f58c98fed239eeb4

    Download Submit

  • memory/1572-336-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1572-312-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1988-328-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1988-313-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2104-134-0x0000000001E80000-0x0000000001E81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2104-74-0x0000000000470000-0x0000000000471000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2104-76-0x00000000004D0000-0x00000000004D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2104-78-0x00000000004F0000-0x00000000004F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2104-77-0x00000000004E0000-0x00000000004E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2104-129-0x0000000000500000-0x0000000000501000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2104-2-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2104-133-0x0000000001E70000-0x0000000001E71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2104-132-0x0000000001E60000-0x0000000001E61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2104-75-0x0000000000480000-0x0000000000481000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2588-135-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2588-130-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2588-141-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2588-142-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2588-137-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2588-316-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2588-139-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2588-140-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download