Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-07-01...il.exe

windows7-x64

6

2024-07-01...il.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    1s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-01_6068830154e280bb0c0ca87e57533425_gozi_magniber_revil.exe

  • Size

    37.6MB

  • MD5

    6068830154e280bb0c0ca87e57533425

  • SHA1

    94e5cab7e49fb04ec30ff75b6e3bc4fcea9e792d

  • SHA256

    492d4f36465829ece536dbd06aa7010b1d4c0270db158242d296ed6e73a4b696

  • SHA512

    990ccda1b69c7a0d3bb43dc3bdf6bb518deb02197395b661b332e55d64cdbf4a740fbab830773c22e4b1afc6d357ee4be12e7ab9a6916f15386bd45c9e68df73

  • SSDEEP

    786432:4TuUJP9mP1O9uGVD+6PPZlXMuzw+AuE3sBJm:4TuUJlmP1O9uGVDPxWiOuE3s/

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-01_6068830154e280bb0c0ca87e57533425_gozi_magniber_revil.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-01_6068830154e280bb0c0ca87e57533425_gozi_magniber_revil.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Checks system information in the registry
    • Loads dropped DLL
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log
    Filesize

    512KB

    MD5

    934785bd82108251dd002da9f20b6ce3

    SHA1

    a42c12162b4b19da5fc4ea0d43e2aed0cca48c20

    SHA256

    41e0204223bfc255c1eb05e5b2de6c470867c5382faf565ad839b98d7498424b

    SHA512

    859d453d1a3775d513f6eab29d9775d2da84091c34d0c025d75d4988fbb25d783a44cfc5889637aaf0f0d0c9012375e65fce00e7a001ee20cb343627dba2332b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
    Filesize

    32.1MB

    MD5

    bed62904779d0e7a5e7755982fb17e7f

    SHA1

    fffe124468f172476d7ea326ae1fea1a75340887

    SHA256

    8d893516a1311f7d93c85f0a29d7dec4751723c0c4aefa6e0b546e2cd08cbc61

    SHA512

    3bb8a80c82529ebbd16daafea06181a9ef20e186319e3be252312a14c2dcb13131fe77c680a3a01843689f6a1bc8346a4292baac47b79ea202d6a3b0036c43e7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\gcapi_17198453452080.dll
    Filesize

    600KB

    MD5

    f637d5d3c3a60fddb5dd397556fe9b1d

    SHA1

    66f0c4f137870a9927400ea00facc00193ef21e3

    SHA256

    641b843cb6ee7538ec267212694c9ef0616b9ac9ab14a0abd7cf020678d50b02

    SHA512

    e96984f2f9c6858e989f10fd8e71b09a8a640c9be2fb87ac1692d9bca7107d7a837f8fbdcc46c01a6107dd9020994c5a6f975b7e16434e9b2bf1c43b1f0d8b31

    Download Submit

  • memory/2080-15-0x0000000006CF0000-0x0000000006D00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2080-2-0x0000000005160000-0x0000000005161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-5-0x0000000005190000-0x0000000005191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-6-0x00000000051A0000-0x00000000051A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-7-0x00000000051B0000-0x00000000051B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-10-0x0000000005480000-0x0000000005481000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-3-0x0000000005170000-0x0000000005171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-0-0x0000000000130000-0x0000000000131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-21-0x0000000008830000-0x0000000008840000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2080-4-0x0000000005180000-0x0000000005181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-44-0x0000000005F30000-0x0000000005F38000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2080-49-0x0000000005EE0000-0x0000000005EE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-47-0x0000000005F60000-0x0000000005F68000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2080-54-0x0000000005930000-0x0000000005931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-1-0x0000000005150000-0x0000000005151000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-106-0x0000000006110000-0x0000000006118000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2080-111-0x0000000006100000-0x0000000006101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-109-0x0000000006400000-0x0000000006408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2080-169-0x0000000005480000-0x0000000005481000-memory.dmp

    Filesize

    4KB

    Download