Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

7bce0437d8...0N.exe

windows7-x64

9

7bce0437d8...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7bce0437d8dd3e343e1cd207ad71aa20N.exe

  • Size

    490KB

  • MD5

    7bce0437d8dd3e343e1cd207ad71aa20

  • SHA1

    420576543e75f215ea357467a127058b94d1d136

  • SHA256

    24d06d9db20ce0b44896ac3e02b99a032b7ad5b8c884ffa30046e1d41b7e9c6d

  • SHA512

    c15735260e24768eb8881e37348cd4a90374f19d7f8c2c7e3d5380e86f4f216a249c2e3551be3169f7a34dc938b65d19ad29c81b7888aa63d29951d3e0da9a4f

  • SSDEEP

    12288:hHJj3R/vGJl1xLdNb9l+FfeHO9HfxuvCM:hHx3R/voDpQCc2Z

Score
9/10
evasion

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7bce0437d8dd3e343e1cd207ad71aa20N.exe
    "C:\Users\Admin\AppData\Local\Temp\7bce0437d8dd3e343e1cd207ad71aa20N.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Loads dropped DLL
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Users\Admin\AppData\Local\Temp\n5922\s5922.exe
      "C:\Users\Admin\AppData\Local\Temp\n5922\s5922.exe" ins.exe /t 5387a629561ca3d94e8b4704 /e 12738328 /u c2b30e9f-da98-11e3-8a58-80c16e6f498c /v "C:\Users\Admin\AppData\Local\Temp\7bce0437d8dd3e343e1cd207ad71aa20N.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\n5922\s5922.exe
    Filesize

    284KB

    MD5

    9e24fe7dce5a39ec33319909e3e2e9de

    SHA1

    492d86466cd12c98803a262672cb5171f341e8d1

    SHA256

    05cdd536227ac4ebab76770ed3b2bbc364deb8cfdc1f6a6f598ecb86aa3d268f

    SHA512

    155b353506ef81cf0149178f8dc4b75575dbd0a2d2912038dac1278d8db454fb80edfd84958ebfeb6a3ef9c5de19af1284224bf7bb4af7113c863c3b1be1f4e1

    Download Submit

  • memory/340-14-0x000007FEF64AE000-0x000007FEF64AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/340-16-0x000007FEF61F0000-0x000007FEF6B8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/340-15-0x0000000000320000-0x000000000032A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/340-17-0x000007FEF61F0000-0x000007FEF6B8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/340-18-0x000007FEF61F0000-0x000007FEF6B8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/340-19-0x000007FEF61F0000-0x000007FEF6B8D000-memory.dmp

    Filesize

    9.6MB

    Download