Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

00c73c07c6...73.exe

windows7-x64

7

00c73c07c6...73.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 18:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00c73c07c60efba69e2bdc8cb3346f50922365a897317ac8a69cf55a09928b73.exe

  • Size

    995KB

  • MD5

    05780d4bd08e7919830aad9b92236431

  • SHA1

    3c375cc7dff3576ff155080ef02ce30f0df86bcd

  • SHA256

    00c73c07c60efba69e2bdc8cb3346f50922365a897317ac8a69cf55a09928b73

  • SHA512

    5336ecf7fabdfa3a0530be966cf8a9a662303bd84a21f642f437c9f56ea105ce6549494da713552608b9a0f2acebb857caed92687e46bbb5ab797555efd84722

  • SSDEEP

    24576:4DDROdivZl4UGDcjcWdzUv83b32VIdSSe4GnEL/VOyP8Q8kdn8775BI9s+YlfTuO:YOdivZl4UycjcWdzUv83b32VIdSSe4GB

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00c73c07c60efba69e2bdc8cb3346f50922365a897317ac8a69cf55a09928b73.exe
    "C:\Users\Admin\AppData\Local\Temp\00c73c07c60efba69e2bdc8cb3346f50922365a897317ac8a69cf55a09928b73.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\ProgramData\lynoh.exe
      "C:\ProgramData\lynoh.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache .exe
    Filesize

    995KB

    MD5

    2ef5907dbbaccb4e27d48bbfe56b3407

    SHA1

    93ae7640ed88ea25c3b44c49be7e10bc6263d5d6

    SHA256

    ebb820827b1b36fc7d42dc7b932793d887ae6c2ef8202d21bf2f4661fb4faef1

    SHA512

    d3e1ef580e644658175cf41b34052ff5334e3a11ab41b462dcf0397d61e461e9015749f44d3fbf28f4ed5d58bcecdfff67006444afa9219b826a61506028ba75

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\lynoh.exe
    Filesize

    858KB

    MD5

    b67ef81d69b82f563246ed5bc6162906

    SHA1

    d28e645776a439cdac49e0d5acb3629441341c1d

    SHA256

    8f997d7138b28e58aca5ca007019ba46a54937a6083485440d20d219d450e361

    SHA512

    25d3de4fc0bd6486a497f53b3af000d3aaafb529e303d44db2a7468b1dc948a0b09700bfa2d107b0d5c91809730e4128b971027e3f903c52b30afcabaeef2277

    Download Submit

  • memory/2012-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2012-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2012-12-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2524-102-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.