Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/08/2024, 11:09

General

  • Target

    2d64b37beb5063a030c2e083b4d6baa0N.exe

  • Size

    892KB

  • MD5

    2d64b37beb5063a030c2e083b4d6baa0

  • SHA1

    bf0583bcecb115f20c5c6f800b46321734b8a781

  • SHA256

    270f8e7c30ebdbf8c1e642e4c7dd5eb0950efa2dca1dfa8290103f352f8df8b5

  • SHA512

    77a24cb1d905049ff129084a9ef7d9bd48fcace78c5dcca1b4e7e84cdc4ce707cf584c136273717b66480ebc513ed857c0a06bb7918697cc18aa0917c7558fd0

  • SSDEEP

    24576:v6Zv2ivhBVnFys7xP86LkRCwPYfuukvDtiflQM:vE2ivhQs7dLkRumsR

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
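Three of the signatures above are registry writes: an Active Setup StubPath, a Run key, and a change to the exefile shell\open\command association. The report lists the IoC counts but not the keys, so the following is an added example (not tria.ge's signature code) of how a responder can pull those three locations out of a registry export. The .reg text is constructed here to mirror the behaviours flagged; the GUIDs, value names and the benign entries are made up and are not taken from the analysed sample. ATT&CK IDs are the standard ones for these techniques.

```python
import re

# Constructed .reg export used as sample input. It mirrors the three registry
# behaviours the sandbox flagged (Active Setup StubPath, Run key, exefile
# association); the GUIDs, value names and the benign entries are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0A0A0A0A-1111-4222-8333-444444444444}]
"StubPath"="C:\\Windows\\System32\\example_setup.exe /UserConfig"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DEADBEEF-0000-4000-8000-000000000001}]
"StubPath"="C:\\Windows\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Windows Update"="C:\\Windows\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"C:\\Windows\\svchost.exe\" \"%1\" %*"
'''

# Key patterns for the three persistence/hijack locations (case-insensitive).
ACTIVE_SETUP = re.compile(r'\\Active Setup\\Installed Components\\\{[^}]+\}$', re.I)
RUN_KEY = re.compile(r'\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$', re.I)
EXEFILE_CMD = re.compile(r'(\\Classes|^HKEY_CLASSES_ROOT)\\exefile\\shell\\open\\command$', re.I)
STOCK_EXEFILE_CMD = '"%1" %*'  # Windows default; anything else is a hijack


def parse_reg(text):
    """Yield (key, value_name, value) for string values in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (line.startswith('"') or line.startswith('@')) and '=' in line:
            name, _, raw = line.partition('=')
            name = '(Default)' if name == '@' else name.strip('"')
            if raw.startswith('"') and raw.endswith('"'):
                # .reg escapes backslash and double quote with a backslash
                value = re.sub(r'\\(.)', r'\1', raw[1:-1])
            else:
                value = raw  # dword:/hex: values kept verbatim
            yield key, name, value


def find_persistence(reg_text):
    """Return (technique, location, value) for every autostart/hijack entry found."""
    findings = []
    for key, name, value in parse_reg(reg_text):
        if ACTIVE_SETUP.search(key) and name.lower() == 'stubpath':
            findings.append(('T1547.014 Active Setup', key, value))
        elif RUN_KEY.search(key):
            findings.append(('T1547.001 Run key', key + '\\' + name, value))
        elif EXEFILE_CMD.search(key) and name == '(Default)':
            # The stock association is exactly "%1" %* ; a different command
            # means every .exe launch is routed through the attacker's binary.
            if value.strip() != STOCK_EXEFILE_CMD:
                findings.append(('T1546.001 exefile association', key, value))
    return findings


if __name__ == '__main__':
    for technique, location, value in find_persistence(SAMPLE_REG):
        print(f'{technique:32} {location}\n{"":32} -> {value}')
```

Every StubPath is reported, including the benign constructed one, because Active Setup entries are few enough to review by hand; the exefile rule is the only one that filters, since that key has exactly one legitimate value. On x64 hosts also export the Wow6432Node copy of Active Setup, which 32-bit installers write to.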

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d64b37beb5063a030c2e083b4d6baa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2d64b37beb5063a030c2e083b4d6baa0N.exe"
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Windows\svchost.exe
      C:\Windows\svchost.exe
      2⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2720

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\concp32.exe

    Filesize

    894KB

    MD5

    2afc0cdaf8a95280d05bdc9442bb5114

    SHA1

    225c9c12a122ebb3a6f11566b22a570ea62e382c

    SHA256

    28a1d77bc151d6119d825fabf694eb887066036c338a6a759f341dc22074f49d

    SHA512

    cfb78b4a365cd4113f8e33cec944d9cfd0b69807ae5ae11dc41a7de408e81f8763cc13186064e8c01ccc58c26eb3245805e5317c333bcd08e5a014a32381a299

  • C:\Windows\svchost.exe

    Filesize

    896KB

    MD5

    cee6452eb7f29a0c6592b1a670a28097

    SHA1

    d4cb9def51d335941ac92a267b1f85115bc2d11a

    SHA256

    72b5f27e9b943a8b0f2d9d03f8324a15120069d97c98da8648576fdf880a50b6

    SHA512

    8312e0b0724e692e8467e8cd1f033dd343077293b51cedf2af8792bf426aaf9f113076a8dbab3975676daf303894b3f43b4908ef4da7d1c603fb0b1d0fda99fa

  • memory/2720-16-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2820-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2820-13-0x00000000002F0000-0x0000000000329000-memory.dmp

    Filesize

    228KB

  • memory/2820-14-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB
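The "UPX packed file" signature is a static check on the PE section table: stock UPX leaves sections named UPX0 and UPX1, with UPX0 occupying memory but holding no file data because the stub unpacks into it. The dropped files listed above are roughly 890 KB on disk while the mapped regions are 228 KB, which is the layout such a check reads. The following is an added example, not tria.ge's detector, that walks the section headers and applies both the name check and the raw-size heuristic that survives a renamed (modified UPX) build. It runs on a minimal PE built in the block as a constructed fixture; no file from this report is used.

```python
import struct

SECTION_HEADER = '<8sIIIIIIHHI'  # IMAGE_SECTION_HEADER, 40 bytes


def build_pe(sections):
    """Build a minimal PE32 header set (constructed fixture, not a real binary).

    sections: list of (name, virtual_size, size_of_raw_data)."""
    sections = list(sections)
    e_lfanew = 0x40
    dos = b'MZ' + b'\0' * 58 + struct.pack('<I', e_lfanew)  # 64-byte DOS header
    opt_size = 0xE0                                           # PE32 optional header
    coff = struct.pack('<HHIIIHH', 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)
    optional = bytearray(opt_size)
    optional[0:2] = struct.pack('<H', 0x10B)                  # PE32 magic
    hdrs = b''
    for i, (name, vsize, rawsize) in enumerate(sections):
        hdrs += struct.pack(SECTION_HEADER, name.encode('ascii'), vsize, 0x1000 * (i + 1),
                            rawsize, 0x400 * (i + 1), 0, 0, 0, 0, 0xE0000020)
    return dos + b'PE\0\0' + coff + bytes(optional) + hdrs


def pe_sections(data):
    """Walk the section table and return name/size fields for each section."""
    if data[:2] != b'MZ':
        raise ValueError('not an MZ executable')
    e_lfanew = struct.unpack_from('<I', data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('missing PE signature')
    coff = e_lfanew + 4
    nsections = struct.unpack_from('<H', data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from('<H', data, coff + 16)[0]   # SizeOfOptionalHeader
    first = coff + 20 + opt_size                              # section table follows the optional header
    out = []
    for i in range(nsections):
        fields = struct.unpack_from(SECTION_HEADER, data, first + i * 40)
        name, vsize, _vaddr, rawsize = fields[0], fields[1], fields[2], fields[3]
        out.append({'name': name.rstrip(b'\0').decode('latin-1'),
                    'virtual_size': vsize, 'raw_size': rawsize,
                    'characteristics': fields[9]})
    return out


def is_upx_packed(data):
    """Name-based check: stock UPX leaves UPX0/UPX1 (sometimes UPX2) sections."""
    return any(s['name'].upper().startswith('UPX') for s in pe_sections(data))


def packing_indicators(data):
    """Names of sections that occupy memory but hold no file data, i.e. space a
    stub will unpack into. Catches modified UPX builds that rename sections."""
    return [s['name'] for s in pe_sections(data)
            if s['raw_size'] == 0 and s['virtual_size'] > 0]


if __name__ == '__main__':
    packed = build_pe([('UPX0', 0x20000, 0), ('UPX1', 0x8000, 0x7E00), ('.rsrc', 0x1000, 0x800)])
    print(is_upx_packed(packed), packing_indicators(packed))
```

A zero-raw-size section is also legitimate for uninitialised data (.bss), so treat the heuristic as a packing indicator to be combined with entropy or import-table checks rather than as a verdict on its own.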