Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

74370c4b2b...3d.exe

windows7-x64

10

74370c4b2b...3d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 22:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74370c4b2b556b4b16ae624372e76569db0897c0e37a92e2f89e47a41b485f3d.exe

  • Size

    576KB

  • MD5

    bea0d99a6a226473a4dfb1e382fe55c1

  • SHA1

    43d4e4458af4a61c367eafb66851cf0a5975b892

  • SHA256

    74370c4b2b556b4b16ae624372e76569db0897c0e37a92e2f89e47a41b485f3d

  • SHA512

    200c0d63db140112a540daccabe9907ff83a6470e663a404b267e6cc0ed4ecd1e544dcb0b7f980eb0a1e21248e5a4d1ebbc888380a25438806d520fa001af95c

  • SSDEEP

    12288:AmWhND9yJz+b1FcMLmp2ATTSsdxmWhND9yJz+b1FcMLmpG:AmUNJyJqb1FcMap2ATT5rmUNJyJqb1Fl

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74370c4b2b556b4b16ae624372e76569db0897c0e37a92e2f89e47a41b485f3d.exe
    "C:\Users\Admin\AppData\Local\Temp\74370c4b2b556b4b16ae624372e76569db0897c0e37a92e2f89e47a41b485f3d.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2492
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Suspicious behavior: EnumeratesProcesses
      PID:3996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\apppatch\svchost.exe
    Filesize

    576KB

    MD5

    1e31d21276190a93c0578929ce110520

    SHA1

    bcebe742103683c81f1dff0a1cdefd843a6e6a15

    SHA256

    15ee724896f3f7baefd312f1128f025937bfc9de3d28e604448e28b370065fee

    SHA512

    2e7c049156de9b4949f1614c387c642bda642d1ff3dcebcf03a7ddcb44885d95cf10bcb1ac46d80d451413afedfd9480ae38b4d425daec615c5703f92eafbeb8

    Download Submit

  • memory/2492-8-0x0000000000400000-0x000000000045F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/3996-10-0x0000000002940000-0x00000000029E8000-memory.dmp

    Filesize

    672KB

    Download

  • memory/3996-16-0x0000000002B30000-0x0000000002BE6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/3996-14-0x0000000002B30000-0x0000000002BE6000-memory.dmp

    Filesize

    728KB

    Download

  • memory/3996-13-0x0000000002B30000-0x0000000002BE6000-memory.dmp

    Filesize

    728KB

    Download