Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

5

03a992c1c4...6d.exe

windows7-x64

7

03a992c1c4...6d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29/09/2024, 23:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03a992c1c4464c9e4ec73ddea7548f7db8865cd60cba143236fec68e4f48946d.exe

  • Size

    2.6MB

  • MD5

    6d2a81a47521d781be5c1bf955b787e0

  • SHA1

    1f0459a18c3e6d7c011ccc6662563e197f76fcf0

  • SHA256

    03a992c1c4464c9e4ec73ddea7548f7db8865cd60cba143236fec68e4f48946d

  • SHA512

    445b1cc094c38ff53a818e6d4a2db0fa6e6dd72146c327de3e577af1c0f87fba774100c14e41b4091487e638aa9627242f7c70384588e43d4753113ee4187ede

  • SSDEEP

    49152:nTGkQD5QZuTtS0rQMYOQ+q8CEFTG4QXTGHQl9KFeMU:nKk8WsM0r1QnuK4yKHy0Fe5

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Unexpected DNS network traffic destination 8 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops file in System32 directory 6 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03a992c1c4464c9e4ec73ddea7548f7db8865cd60cba143236fec68e4f48946d.exe
    "C:\Users\Admin\AppData\Local\Temp\03a992c1c4464c9e4ec73ddea7548f7db8865cd60cba143236fec68e4f48946d.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2724
  • C:\Windows\Syswow64\8d780d1e
    C:\Windows\Syswow64\8d780d1e
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\8d780d1e
    Filesize

    2.6MB

    MD5

    0832100db9aaf91ed524462d04eab746

    SHA1

    38171666c4f27cd26f50664866439fb6275ea612

    SHA256

    5dda7530968bc94d04f8f2c1239590c467bff799c21655498b4acf45b9e0d6df

    SHA512

    f19b776ea9530aab698c3c6caadea4e49a0d20ab88492b3f0d16e76f64345f3b28dc3889483c5f662b282baea688500cc829e6b4e76af0afd81271164fb48725

    Download Submit

  • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    790ab7beca94a894318e6674c4690555

    SHA1

    d5458a3942f486d6ddeb51de85ebd03255608adf

    SHA256

    6681e41c128e14fc188d47f43bdcc711ad7c4163b8c238810ad10b92e98bcbca

    SHA512

    3e24c690899aa5133d204451e18f2e678858bd85a7ed55bf78c003a7d8496b0f899b99e2c984ae73389f52f96241a37d6dd29f5bbffe2c77c96248f410f794c5

    Download Submit

  • C:\Windows\Temp\Tar4790.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2712-47-0x0000000000BE0000-0x0000000000C69000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2712-91-0x0000000000BE0000-0x0000000000C69000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2712-3-0x0000000000BE0000-0x0000000000C69000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2712-309-0x0000000000BE0000-0x0000000000C69000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2724-45-0x0000000001210000-0x0000000001299000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2724-90-0x0000000001210000-0x0000000001299000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2724-0-0x0000000001210000-0x0000000001299000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2724-308-0x0000000001210000-0x0000000001299000-memory.dmp

    Filesize

    548KB

    Download