Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

90dc3432e1...0N.exe

windows7-x64

8

90dc3432e1...0N.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2024, 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90dc3432e1fb36a086533848abc9ce80N.exe

  • Size

    777KB

  • MD5

    90dc3432e1fb36a086533848abc9ce80

  • SHA1

    0a8232349b17b241d06793140fbcfa85eff3d7d7

  • SHA256

    b307fa39c5f1c15edbd64bf3f6b2c6f7022aca1f571f32592bed8adbe80d8ffa

  • SHA512

    696c0b6f9961f488480e0516a49ee0a531f3df623a118316041716fb6872b5b67d4d80b433a734cc0f6806a0a5ba477641c0cd403c4684b169526cef825dd661

  • SSDEEP

    12288:7tKe6Zv23YLVFhBsC8iFHSs7xPY1f6HriPwU8yMKhEQVYs6wqdkY:v6Zv2ivhBVnFys7xP86LkJMlQVYQun

Score
8/10
persistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90dc3432e1fb36a086533848abc9ce80N.exe
    "C:\Users\Admin\AppData\Local\Temp\90dc3432e1fb36a086533848abc9ce80N.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Windows\svchost.exe
      C:\Windows\svchost.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Modifies registry class
      PID:1032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\concp32.exe
    Filesize

    782KB

    MD5

    a0a5f9815c3d68ede988fbcbbe59f737

    SHA1

    7cd2d71a42d432904f796315666599c95ddfae34

    SHA256

    937d19d1ee6b2df0c8f1cf0ec4f539b406a9b7c48e021ca83a0cd8e3e7f6b131

    SHA512

    1a01a80c739ea05ef64f017d82bf6f83e9b8edbf8945d7cbfb72b56941b9be12670cad281411079f2050fb2f6ddfa5cd8d98363af209a70de8112a779fbec50b

    Download Submit

  • C:\Windows\svchost.exe
    Filesize

    782KB

    MD5

    4e9610e2ecc3ca2577bbad1e0ba6dd0e

    SHA1

    4c91176dc1466b42020ff51f855e05daf83bc3c8

    SHA256

    478de3be1e0fd250deaf872d67afcfaddbb5ed8880a7d2a9fd48b657b04af84c

    SHA512

    aa84fe5dffb8c5ba64b4d72e3f1d8a51d3a7f3a02fa933bfeef0254c85d1525c42293ccd96187f4afac342ee44c6d092b5acdc1f2ea213d6f90490fb36f1521e

    Download Submit

  • memory/1032-15-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1032-16-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2064-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2064-14-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download