Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

3c5ad4612f...c4.exe

windows7-x64

7

3c5ad4612f...c4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    08/08/2024, 20:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c5ad4612f2b8447dafa03e2d95b075d9da1b4af723ca6d19038987114ee70c4.exe

  • Size

    41KB

  • MD5

    0bde2fbf11ae6b7e5229b69bfca1c6bd

  • SHA1

    5ef2d78bb62b51a03c3beafe818ed77460efe45a

  • SHA256

    3c5ad4612f2b8447dafa03e2d95b075d9da1b4af723ca6d19038987114ee70c4

  • SHA512

    cf638c5c14c78a9a6b3fc2aeb8d9fddc1fedc795c3a5c482106c1972eceefe9ead9df10e5cb23d25b2261a1f46a8b382ec4365260471d18e306429ecef1df6d7

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/N:AEwVs+0jNDY1qi/qV

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c5ad4612f2b8447dafa03e2d95b075d9da1b4af723ca6d19038987114ee70c4.exe
    "C:\Users\Admin\AppData\Local\Temp\3c5ad4612f2b8447dafa03e2d95b075d9da1b4af723ca6d19038987114ee70c4.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpDE12.tmp
    Filesize

    41KB

    MD5

    bc9d3a1a12e497e4589b18bccba6fd2c

    SHA1

    f905b5d123ac8889595ae6e0f722545a209a0984

    SHA256

    cd4fc3c99c3c59e37c03edf362070810b5dfa61f9c24c78583873bcc34e9e31a

    SHA512

    83e95a6a32510d9a5968bb4e785581112c029fb5340bd389934a635f4d843cc268039f44c4d985ea8931da98a58e79bdd965088711cbdf41ebd9a5ad6b1a9418

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    192B

    MD5

    08986ed1fb1aa3d57f1661fd307f55c4

    SHA1

    02562f699c14d22dac5ce8e2f82c1561c9ac7c82

    SHA256

    306bb0a099728d42e003689c73cf6adcd2423baa64f8d6a76b5f334efb0f3e21

    SHA512

    7a53d7214c0ea95d7ad4c9788ede4ad86388503e2feed2a1b3544c4041939833b62e118f20c8475ebf285a0371e8100b554b8707af64b59b3b2f24605ce8e582

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/2212-17-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2212-90-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2212-4-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-86-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2212-10-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2212-3-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2212-64-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2212-59-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/2696-43-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-31-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-48-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-53-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-55-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-36-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-60-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-41-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-65-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-29-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-23-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-87-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-11-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2696-91-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download