Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

c8b71fd65b...62.exe

windows7-x64

6

c8b71fd65b...62.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 02:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c8b71fd65b9bd79f9ff256ac251364197c83fff145435fdf8924486d5341f162.exe

  • Size

    6.6MB

  • MD5

    50988ba5ebd7e11da9cea1407022c7e2

  • SHA1

    857302a3f0a2b9637320fdcb30bf1bcdd1005bbe

  • SHA256

    c8b71fd65b9bd79f9ff256ac251364197c83fff145435fdf8924486d5341f162

  • SHA512

    038035ff99322c06f690f7667c3724b292dff10e4e26833e1d4bc4b4d56504da2abc47c98e3524c0310182469e53b773b8ce245ff5f02d90e5e83d9bbb47ba1a

  • SSDEEP

    196608:NGXQiaF7UPs7m9a9wePdq+55Czy6uMiYdDMS4SKwi6uO:NsQiaFHmk97Pw+55CzNtiYdDMrSKuuO

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8b71fd65b9bd79f9ff256ac251364197c83fff145435fdf8924486d5341f162.exe
    "C:\Users\Admin\AppData\Local\Temp\c8b71fd65b9bd79f9ff256ac251364197c83fff145435fdf8924486d5341f162.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:912

Network

    No results found
  • 52.111.229.43:443
    322 B
     7
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/912-0-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/912-2-0x0000000000400000-0x0000000000597000-memory.dmp

    Filesize

    1.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.