Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Artic.exe

windows7-x64

7

Artic.exe

windows10-2004-x64

8

�}l��.pyc

windows7-x64

�}l��.pyc

windows10-2004-x64

Resubmissions

10/07/2024, 08:20

240710-j8jq2sxajj 10

10/07/2024, 08:18

240710-j7pwnsyfkd 10

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Artic.exe

  • Size

    7.4MB

  • MD5

    b1da93350f3c968fc3632997ab5a9ac2

  • SHA1

    b8f9388e3b29218b6860167c825dfece6d5adfa8

  • SHA256

    f0fd55719640ba0ce349df5e3de0b043ba11f53551e6454129240b488df673b1

  • SHA512

    aeb24ffe86ec47cb6b1236840af065f8cfef781ff455bef5b5f4da157e13ef8d88c965ddd91fb0c785028c3c32370b2a39375c133cd9d38feb32282952d0e688

  • SSDEEP

    98304:63VeYgZhU0way6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3zCUTVv9JT1sOBNJ:6wYS6UOshoKMuIkhVastRL5Di3u01D7J

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 63 IoCs
  • Suspicious use of FindShellTrayWindow 30 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Artic.exe
    "C:\Users\Admin\AppData\Local\Temp\Artic.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Users\Admin\AppData\Local\Temp\Artic.exe
      "C:\Users\Admin\AppData\Local\Temp\Artic.exe"
      2⤵
      • Loads dropped DLL
      PID:2928
  • C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 876
      2⤵
        PID:2396
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2024
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x198
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2880
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /4
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2216

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI19002\python311.dll
        Filesize

        1.6MB

        MD5

        5f6fd64ec2d7d73ae49c34dd12cedb23

        SHA1

        c6e0385a868f3153a6e8879527749db52dce4125

        SHA256

        ff9f102264d1944fbfae2ba70e7a71435f51a3e8c677fd970b621c4c9ea71967

        SHA512

        c4be2d042c6e4d22e46eacfd550f61b8f55814bfe41d216a4df48382247df70bc63151068513855aa78f9b3d2f10ba6a824312948324c92de6dd0f6af414e8ab

        Download Submit

      • memory/2216-59-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2216-58-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2716-50-0x000000001D210000-0x000000001D556000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/2716-52-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2716-47-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2716-48-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2716-49-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2716-45-0x000007FEF599E000-0x000007FEF599F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2716-51-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2716-46-0x0000000002AA0000-0x0000000002ABE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2716-53-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2716-54-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2716-55-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2716-56-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2716-57-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2716-44-0x0000000002130000-0x0000000002131000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2928-23-0x000007FEF6750000-0x000007FEF6D39000-memory.dmp

        Filesize

        5.9MB

        Download