Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

1dce937f15...25.exe

windows7-x64

6

1dce937f15...25.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1dce937f158f4eab35252be1c720e774a66dedf2e28395f82a5615c6e000c825.exe

  • Size

    32KB

  • MD5

    2dcfa9d2c2a630138547de409f364b19

  • SHA1

    6d24ed5fb6bc4315dedeb7b6361987a43525fee2

  • SHA256

    1dce937f158f4eab35252be1c720e774a66dedf2e28395f82a5615c6e000c825

  • SHA512

    c06932bf82aa240755249273ee905b91285fbbefe96af9c04064788c61277b3e8563d38b01b8436d636d6c1d070210b18aff95017f68a51cd4ae47fc3e990312

  • SSDEEP

    384:Q98xUHQHFU+zy4Ng8zLeiCerZx57DfndTks1zpyBd0KZg:Two26/gopflllvKZg

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: RenamesItself 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1dce937f158f4eab35252be1c720e774a66dedf2e28395f82a5615c6e000c825.exe
    "C:\Users\Admin\AppData\Local\Temp\1dce937f158f4eab35252be1c720e774a66dedf2e28395f82a5615c6e000c825.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\SysWOW64\regedit.exe
      regedit.exe /s C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
      2⤵
      • Adds Run key to start application
      • Runs .reg file with regedit
      PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Appinfo.exe
    Filesize

    32KB

    MD5

    bf8aea3441a286ae9ac1d546cf24825c

    SHA1

    2b6bcfa72c7041624d5573bb861f968525dc86f5

    SHA256

    24dbc56ad002e549b87b5be19adb0a0f92828b1c718e251afef5184d651a9900

    SHA512

    78bf20db59925224f313da5f57fb9c80ba935410f4b91e406e0df283a326080436f44d128cc23efbad9ee2afd772ba772769f379d54d2e72f6688d6b5befdd92

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
    Filesize

    166B

    MD5

    c27dea95e6c9c2659dd91a42b18aa849

    SHA1

    e307104b7fefafe418cd10956e72b04c0ebb3144

    SHA256

    6118f957cff2c9603922c8987184c38ce50729d148f91eb59dc650cfccc54fba

    SHA512

    cec670205f8f673515fcfa6a3d12c0dabfb9a88eb751330a09016c82c47a1837afe4c27ddd0f0e74789482dd5a29ae988aee8416ae1405a00aac12293badc021

    Download Submit

  • memory/2180-1-0x0000000000020000-0x0000000000028000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2180-3-0x0000000000020000-0x0000000000028000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2180-2-0x0000000000020000-0x0000000000028000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2180-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2180-13-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download