Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

12d1020017...c0.exe

windows7-x64

7

12d1020017...c0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    9s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12d1020017fff59c924e555b2045ddc0.exe

  • Size

    27KB

  • MD5

    12d1020017fff59c924e555b2045ddc0

  • SHA1

    6c4a77d49f82bf9d35aef64fe56b0e5f889a5783

  • SHA256

    13015a7268aa6a75597940c60c0361bd7fca6fc60223c95fc10c5274fa3fd3eb

  • SHA512

    18694c005420d0bfcb20dcff7cb395723fb54604df291a3e830331b48ffd1010412c398372fcf5e912b1ec9ae7b0f571a1448f622a870917d993c0c8c5d03eaf

  • SSDEEP

    384:aGpN5/SfmVoonJWpSu+Ip7JLyaBOEj63eVi06MCLGuiLKaPqS1m:fhZSoEpnp7JLyWWElhCSujaPS

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12d1020017fff59c924e555b2045ddc0.exe
    "C:\Users\Admin\AppData\Local\Temp\12d1020017fff59c924e555b2045ddc0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
      "C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
    Filesize

    27KB

    MD5

    44cc7bd2f7b4ef51a984d9469937cb24

    SHA1

    0bc057d8ec1c9ffff75cf49e88e5604e7703b902

    SHA256

    93854ade59389290fcf2947ad4b36ac3fd101dd241586921b6d8a5380af0c49e

    SHA512

    f3add3244c6a7ef3a5c7911ae884c6ff5494615a41b17171de6af3513f4ecc558a4b1f9ec1530a92dddbff751678cd6301ce663bb590746a95f78a2dc58a7cea

    Download Submit

  • memory/2368-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2368-9-0x0000000000330000-0x0000000000337000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2368-8-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2368-0-0x0000000000330000-0x0000000000337000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2852-15-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2852-24-0x0000000000230000-0x0000000000237000-memory.dmp

    Filesize

    28KB

    Download