Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    2024-09-03, 10:13 UTC

General

  • Target

    2ffabee429da813d42aee31a6545abce82f184f56d2ededffa1f275c98ac49f6.exe

  • Size

    4.8MB

  • MD5

    fe62f8f45717bf57a8b66f2c8987cfc1

  • SHA1

    1fbc6221f3dc1e56af05470821fbe6dec3a35da6

  • SHA256

    2ffabee429da813d42aee31a6545abce82f184f56d2ededffa1f275c98ac49f6

  • SHA512

    e364ce4cebe7a0f930909b60840f24e5b6a649e1f58252e84fb7649d178c60b45d6314d8bae8092eee5befe6a790a6d9cb9a223d6eb60743977d549171551bba

  • SSDEEP

    98304:nXHfZysNkdeOVWB4PGrx2fEyMmzHJhYlRJb:nPx1dx2f9MmzHw3

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Program Files directory 2 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 4 IoCs
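The "Writes to the Master Boot Record (MBR)" signature above is the one that matters most for incident response, because a modified MBR survives a reinstall of the operating system. The following is an added example, not code from the tria.ge report or from the analysed sample, of how a responder can check a captured sector 0 for exactly that kind of tampering: it parses the classic MBR layout (440 bytes of bootstrap code, the 4-byte NT disk signature, four 16-byte partition entries, the 0x55AA boot signature), hashes the bootstrap region and diffs a current sector against a known-good baseline. The two 512-byte sectors embedded in the script are constructed for the demo; `read_mbr()` shows the device paths a real check would read from.

```python
"""Baseline-vs-current MBR comparison (added example, not part of the tria.ge
report or of the analysed sample). The sectors below are constructed test data."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code, the part a bootkit replaces
DISK_SIG_OFF = 440       # 4-byte NT disk signature (bytes 440..443)
PART_TABLE_OFF = 446     # four 16-byte partition entries (bytes 446..509)
BOOT_SIG_OFF = 510       # 0x55 0xAA boot signature (bytes 510..511)
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble an MBR sector from its parts (used only to construct demo data)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("bootstrap code must fit in 440 bytes")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        # CHS fields are left zero; modern loaders only use the LBA fields.
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into the fields worth comparing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                      # type 0 means an unused slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
        "valid_signature": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings describing how `current` differs from `baseline`; [] means unchanged."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["valid_signature"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("bootstrap code (bytes 0-439) modified: possible bootkit")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("NT disk signature changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    return findings


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 from a raw device (Windows: \\\\.\\PhysicalDrive0, Linux: /dev/sda).
    Needs administrator/root; not called in the demo below."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# Constructed demo data: a benign MBR whose bootstrap code starts with the usual
# prologue (xor ax,ax / mov ss,ax / mov sp,7C00h), and the same sector after a
# bootkit has overwritten the bootstrap code but left the partition table intact.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100
PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 20000000)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0x1234ABCD, PARTITIONS)
INFECTED_MBR = build_mbr(b"\xeb\xfe" + b"\x00" * 50, 0x1234ABCD, PARTITIONS)

if __name__ == "__main__":
    print("clean vs clean:   ", diff_mbr(CLEAN_MBR, CLEAN_MBR))
    print("clean vs infected:", diff_mbr(CLEAN_MBR, INFECTED_MBR))
```

A baseline hash of the bootstrap region taken at build time (or from a golden image) is enough to run this across a fleet; an unchanged partition table with changed bootstrap code is the typical bootkit pattern, since the malware still needs the original partitions to chain-load Windows.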

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ffabee429da813d42aee31a6545abce82f184f56d2ededffa1f275c98ac49f6.exe
    "C:\Users\Admin\AppData\Local\Temp\2ffabee429da813d42aee31a6545abce82f184f56d2ededffa1f275c98ac49f6.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 912
      2⤵
      • Program crash
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\{D167187D-8260-4946-9858-3BB3D1D4B9E5}.tmp\7z.dll

    Filesize

    1.1MB

    MD5

    2706693dda10c6cc79eed24c56d4e5ef

    SHA1

    4f34ef1bd49273a0d260b9dab15c73eb0ccb6383

    SHA256

    0edad8a1af22d5b97c1f324791c86243a6ecce7b5a9d2f30415af99aba9129c3

    SHA512

    7e7f7ae894528587ba33b6e10999549bb9a2ec2748b5662fa1b8806e5f4ce33af47507b3ef2954f2747a76b5b7c775c1cd671061f577c5016d1f8ba165bbe21c

  • \Users\Admin\AppData\Local\Temp\{EB2470B7-941C-4523-8F8A-A1933D582F86}.tmp\NetBridge.dll

    Filesize

    231KB

    MD5

    9d145902fb5b9a6da62ac85761434e31

    SHA1

    c817d77f59e3767d75cf5f5298d6b5711308f7e5

    SHA256

    98d795d55329b1057f4fd590468e648a8c34b620207fd9a0a6953f3e98d1ea43

    SHA512

    bbb3109bcd5ded909bfdaeb7f4f006fc5928a9bc501bad5ae8ba9805bc0d924a2c4da8bbd215480db936d663852abd9b0435fa241a40224a4cd93c4b7aff79a9

  • memory/2524-28-0x0000000002640000-0x0000000002641000-memory.dmp

    Filesize

    4KB
