Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

fbadca9c17...0N.exe

windows7-x64

7

fbadca9c17...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/08/2024, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fbadca9c175356d00787796bd6de5ea0N.exe

  • Size

    41KB

  • MD5

    fbadca9c175356d00787796bd6de5ea0

  • SHA1

    9189ed873a613ce697b089023ed8b07f1e331698

  • SHA256

    f85e605b37031190bae795f979e8a1071b42be190ea9339d03611810b6639e88

  • SHA512

    48e9b51b7fd454530d334eb1ecb42cddd93651d3b27f934880c1e7aaef9f1c39adffc13c14028a09e909718f901f4a07a151287205ca1eb28bb23ee769a1ea96

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

Score
7/10
discoverypersistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fbadca9c175356d00787796bd6de5ea0N.exe
    "C:\Users\Admin\AppData\Local\Temp\fbadca9c175356d00787796bd6de5ea0N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:1492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6809OHQ0\search[2].htm
    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\default[7].htm
    Filesize

    312B

    MD5

    c15952329e9cd008b41f979b6c76b9a2

    SHA1

    53c58cc742b5a0273df8d01ba2779a979c1ff967

    SHA256

    5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7

    SHA512

    6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Fql6zW.log
    Filesize

    128B

    MD5

    fb4dc15460c6c2ddf1b047ba39fe6a51

    SHA1

    906dd254a57723e01e05d4f996980beeb5d46b21

    SHA256

    8e69624eb786a3ba82a5aa6686c7321ce4bf4076b42ad844f9895301b9bf10e9

    SHA512

    b735ddadb4c542250969775f57924d4215262464708bedc859a40753478ec72277b9016112623d0828062be7780b9ad17937fb880b614565e1dc0192e7e5897a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp8AF7.tmp
    Filesize

    41KB

    MD5

    0e4156654c8f059f05f65f84210bdacd

    SHA1

    6d3e2a60f400b6dcbfe591b43fa487c3d668a0b2

    SHA256

    e51e06db2a7f41addac651a1283d341ae40d3a740d4ede91e57ac5ff0e109984

    SHA512

    492693b0cee92d82750b3c2baf0b23d4996e4dd009dd9d2fae521384cd562314b758afb5e599879b1cd97dda331ec0c340388d35df3913942a0e048065f097ce

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    160B

    MD5

    0a1173de75e08012caa8ea845db9751e

    SHA1

    2b141028114c82342ab5fbee7a33253c5edf1d73

    SHA256

    8bd2c2c04edbb10b9ea7ab3b7e2d049056160a6a9d5d74ad84aee71720ad1bbe

    SHA512

    b1e711c3e50e3b2cfbef682100722525c1c83feb53c372df288f9db3be8ba06034a45752c5cd2bb651be4c46a34047281801e3f9191afa106b9dc544b927dc78

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    160B

    MD5

    f9918824d25962036f19fbf4d94b338f

    SHA1

    4b31f55386b9b5d3200be4835a8480741e739e9a

    SHA256

    65ac21498688802ecb27d0138a2143e1d8d219ae51b0c10289b56458b85d42a7

    SHA512

    3ef294096f2f74f8ea69625babf7843df0024df2f8aebd2e82e4d7bf00dbe98296a9e7adb1f8d6d130332ad42b190bf2c520cd8175151bca25c93b9666d37909

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize

    160B

    MD5

    2fca755e6e80982f8ed174cd4bff615e

    SHA1

    71b50e0be6ad8b1ae9c7ed92312b13b71f60f98e

    SHA256

    a9c3d6286e93b496ec1bca95831cc52be2749187d43ca4e8bd2c8bbcf3b8df9d

    SHA512

    1701ecb75287f8595ea1495715ecc658d5230d2a553cfd36c97c423dbfbd50e28da437677ff9cc0b44600ba153011e4c11613547f0dac7b476c6f35971f40e7f

    Download Submit

  • C:\Windows\services.exe
    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    Download Submit

  • memory/1492-134-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-130-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-33-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-196-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-15-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-168-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-16-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-112-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-21-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-139-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-28-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1492-6-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1528-13-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1528-138-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1528-129-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1528-111-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1528-167-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1528-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1528-27-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1528-195-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download

  • memory/1528-32-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

    Download