Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e33fbfc8e3...7N.exe

windows7-x64

7

e33fbfc8e3...7N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    112s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2024, 19:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e33fbfc8e36f58d4b31f2fb0fc334f0ee3b6fd05a6149a1d3e3f3a279e9ec867N.exe

  • Size

    4.8MB

  • MD5

    c095f20c5a6e3bd7b15d554576ffaf10

  • SHA1

    d8f5f5760f55fa10e02604bf41b50b1d77f48755

  • SHA256

    e33fbfc8e36f58d4b31f2fb0fc334f0ee3b6fd05a6149a1d3e3f3a279e9ec867

  • SHA512

    c6387dab7de2fc95a9da0f9b19282aadf49e69430a447df611b7a4a458d3ccd7a0769ea73d8949c41b1c736de1d2f4fff2131bfd0561aa9cf57b9b0d021e5ebd

  • SSDEEP

    98304:TZ7KG1v6e/LHYFR3ZueuJObD3ErwmzDFULPMlbVmr5k3XfDSlNjBI/yYniA2LgIq:TsG1vL/LH83ZueuMDE8m3yPs6OHulNNE

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e33fbfc8e36f58d4b31f2fb0fc334f0ee3b6fd05a6149a1d3e3f3a279e9ec867N.exe
    "C:\Users\Admin\AppData\Local\Temp\e33fbfc8e36f58d4b31f2fb0fc334f0ee3b6fd05a6149a1d3e3f3a279e9ec867N.exe"
    1⤵
    • Checks BIOS information in registry
    • Checks computer location settings
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3856
    • C:\Users\Admin\FutureXGame\Grand Theft Auto V Trainer.exe
      "C:\Users\Admin\FutureXGame\Grand Theft Auto V Trainer.exe"
      2⤵
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3464

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\FutureXGame\Grand Theft Auto V Trainer.exe
    Filesize

    3.3MB

    MD5

    508a010138f2f34b7ce88e49ca63cfc3

    SHA1

    7a922683dc2fad141b19fe62ac0cae550bb411f6

    SHA256

    b8f2ab2d9a6e88c7cc77164107d8136a37dddcd017a25c30c3cc12eb3ac993c7

    SHA512

    9d75c0795a1c60cbd73f1a69265fea83ad098d3c46e11ea75d6d198c8b10b85bcb28ca64e90405fba3993388406fb576ce74a7e926d4608ad282f317af593dee

    Download Submit

  • C:\Users\Admin\FutureXGame\settings.txt
    Filesize

    185B

    MD5

    f07cefb51ccbbf19052aca112f643f3e

    SHA1

    c710f5c2a2d69f2444c470dbada669ae005a5abf

    SHA256

    13445c7d1f0528ae56a2f1800bd57188fbc8be0c125f7e7b850e7b08ca9f4a60

    SHA512

    3ad9818bf7c6cded58d8793269b509fe1b16f19dbc8c528aded5daf5d03f350c9a78c493af2b157ea33a05e849690b85a15154bf98d96f1f5407ae45a35b3761

    Download Submit

  • memory/3464-21-0x00000000006D0000-0x0000000000CA4000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/3464-20-0x00000000006D0000-0x0000000000CA4000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/3464-22-0x00000000006D0000-0x0000000000CA4000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/3464-23-0x00000000237C0000-0x0000000023AC6000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/3464-28-0x000000002AB60000-0x000000002B306000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/3464-30-0x00000000006D0000-0x0000000000CA4000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/3856-3-0x00000000242A0000-0x00000000245EA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3856-2-0x0000000000F90000-0x0000000001680000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3856-0-0x0000000000F90000-0x0000000001680000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3856-1-0x0000000000F90000-0x0000000001680000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3856-27-0x0000000000F90000-0x0000000001680000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3856-26-0x0000000000F90000-0x0000000001680000-memory.dmp

    Filesize

    6.9MB

    Download