Resubmissions

19/09/2024, 07:29

240919-jbcapsxeqk 7

19/09/2024, 07:27

240919-jaa19axcje 7

19/09/2024, 07:21

240919-h66x5axanb 7

19/09/2024, 07:04

240919-hwcxaswenh 7

19/09/2024, 07:04

240919-hv496awend 3

19/09/2024, 07:00

240919-hs4kvawfqr 3

Analysis

  • max time kernel
    73s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2024, 07:27

General

  • Target

    123.rar

  • Size

    4.3MB

  • MD5

    d2d30eb66c8919cb33dd969b3aaff546

  • SHA1

    2719e1527820a076c540f40b4342be09b2e1b66e

  • SHA256

    57d0aa2a1d890f1b58a8b361c7cc2e1ef1829743f9e68a17e0e076b24ee6cb93

  • SHA512

    3fcd0721272d09575452b672bc824a915efe32c9fb72e3357ab00c19b52d91079c02f62096d3b665f607f2afedcdff1f4c82f6e849204a30e28bc7af0d46ec6d

  • SSDEEP

    98304:gCdtJmBbsufP6iry6PXnMtWNQrMob5rJB+n2lb:gCd/0bLfPb26f8QgrJVlb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 40 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\123.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\123.rar
      2⤵
      • Modifies registry class
      PID:2632
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2616
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\123\" -spe -an -ai#7zMap6567:64:7zEvent21328
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2876
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\123\internationalPaymentDetails\ActionCenter.dll
      1⤵
        PID:2384
      • C:\Users\Admin\Desktop\123\internationalPaymentDetails\internationalPaymentDetails .exe
        "C:\Users\Admin\Desktop\123\internationalPaymentDetails\internationalPaymentDetails .exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of AdjustPrivilegeToken
        PID:2832
      • C:\Users\Admin\Desktop\123\internationalPaymentDetails\internationalPaymentDetails .exe
        "C:\Users\Admin\Desktop\123\internationalPaymentDetails\internationalPaymentDetails .exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of AdjustPrivilegeToken
        PID:2504

Network

MITRE ATT&CK Enterprise v15

Downloads

      • C:\Users\Admin\Desktop\123\internationalPaymentDetails\VCRUNTIME140.dll

        Filesize

        107KB

        MD5

        146eb6b29080a212b646289808ae0818

        SHA1

        e5d9801f226ecd3af662df225f751ae8a8934357

        SHA256

        f66c606d2ee6bbca375ab4268b0c6aef5170a4ca580a00e17a56057a7a127743

        SHA512

        0824b42ca2539709f77134ffea9c10fc9f4c126b6a309bd5d3ddd02a660ef98d63b178219d83b173340798c479a1008c2d4f57830898673043fee2450a210a58

      • C:\Users\Admin\Desktop\123\internationalPaymentDetails\cors

        Filesize

        281KB

        MD5

        fc514d0a4ee2ed23157d0ec1f767d1b0

        SHA1

        c2675e3ac646837e17441b699eb30445053d8b1e

        SHA256

        15a2e189ab11cd32e599eb6aebfca559047a882d5137a39c97f0136f64143bb2

        SHA512

        7f6aa5ae7f17f87a960d40155a05b98d80572f59cfc6b4bee6ccf2383d356977861061400b48aadb91b5cc3ec24da1c6c637f15d72fd1c7fac1bcc2835813b85

      • C:\Users\Admin\Desktop\123\internationalPaymentDetails\jli.dll

        Filesize

        3.3MB

        MD5

        e183e315399e95064a29ed71d1dad374

        SHA1

        a1ccec3ca697bdd54faa8224b91c529bd24428a0

        SHA256

        2a11f2efc2b73b145409846a2956f620e76cbc8bd2d3ec023ca9dfa1e63b3ad2

        SHA512

        ec79c813c1ba3f49e8a91abe5aa51a28e1b179e73078d5abc14206a7e9830b969c0f6f6ca010c72d608bc34144f7e8f1be5a36910560ef8058fa23cab225baaa

      • C:\Users\Admin\Desktop\123\internationalPaymentDetails\ucrtbase.DLL

        Filesize

        985KB

        MD5

        596226a2adc84678fc417de207cd9867

        SHA1

        6758348f540f946cd256ce9e4c778af4d9135f41

        SHA256

        425470634ec67646e8d6844cf49f08cb9336458bf2a1b13fa0272d22d2ead99e

        SHA512

        5c6a8a8da26cab88b1206ee110a511478e6f14efc0479cba651ce12f6de4d37537bac2c30368a274d3b5eabcdc69b4e0a3dbdb6a44ae0049e1110ea55393199a

      • \Users\Admin\Desktop\123\internationalPaymentDetails\ActionCenter.dll

        Filesize

        2.8MB

        MD5

        6600755c2a115ab24862611227e83e3d

        SHA1

        2067379db6a1817513c0f5de5640906bb7168f78

        SHA256

        c4b436e2b74e8b98bccf9ec8348fbbd6384d309c5c67d2fb995293d380e9bc31

        SHA512

        fb94b75c6dad7d4d55b79cbbdb8564c0aca5d3ece2a743bbcc169df4070a8444a344c8d221fc5894de85cbc10d555bc4d0cd4a70d91f623bc05d38f9ba94ebe5

      • \Users\Admin\Desktop\123\internationalPaymentDetails\Hoister.dll

        Filesize

        3.9MB

        MD5

        8a526ac02b6071c5cf74d7b88442cada

        SHA1

        7468d665d709baf9f5d4bc76465a84f13723beb2

        SHA256

        69e3ef284301526f65711083898f3e3c8ed5001f96d59c59a6bff1456c6166db

        SHA512

        2a81735d205097e0d16b254b9f0299c5ef84033d1447b6da03476001860ba4c92a6b8b8ad4e6262d35e7b1da672582fe9f372569eb55f2c3a6288b00554456d8

      • \Users\Admin\Desktop\123\internationalPaymentDetails\internationalPaymentDetails .exe

        Filesize

        24KB

        MD5

        dbf001709c85cb1040c86b56dd29e02a

        SHA1

        8d1c67f18756fc93af61c45a7ccdd88554590c4f

        SHA256

        5c5ce4bf348150622adb9f71ed42879c4a5ebf99c94c2be940141d28f2c8275d

        SHA512

        7e59d49be1d670a3b74af5a4340c7d3f041f3a690fbf9d3f35ee9111ae5e6dc56b2486dd8e044f2c88c7d439a35821fa75164e74c7d7456c3e70b78420dc409e

      • \Users\Admin\Desktop\123\internationalPaymentDetails\jawt.dll

        Filesize

        22KB

        MD5

        aa8c5c204fc51e0e41dd7438b9ae3a60

        SHA1

        8a32f69e9284e692df2ac335cac89b89ff8df1ce

        SHA256

        4d750b41868b1559d95aab6511f22abf4b4835eeb7b45a6edaa67b18100f90bc

        SHA512

        aa718c9ec23d2bd9f8cf78f45b4c39eac9550cb45ac2542aa9b816a3684fee10e9a80d77cdb9dbd8f12cf2b15e2dd903c5a6ae0aa540bd70eb64768b2660a564

      • \Users\Admin\Desktop\123\internationalPaymentDetails\vcruntime140_1.dll

        Filesize

        49KB

        MD5

        c106bef63b8db2f32de277b0c314249f

        SHA1

        b172b5809f95bd4f4181fe30c30368b50a27f08a

        SHA256

        dced523e24b4374522c86f7bbfc0ac8d8e1078336492629722081339adaad9ba

        SHA512

        77aab947ffec187f054c68899f2b4186a53b2901fb74ee6702586c1207a4abea238c64da0aa3ebe56695c31606b315f9a6289ca1748e9770fcfca5816e7e6580