Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/10/2024, 17:46

General

  • Target

    441540fdc7f1de6d08a883974e129f33ec703c2ca2138f8245fb211160b95a83N.exe

  • Size

    41KB

  • MD5

    22d231a5ae2ba868085c611283bddd20

  • SHA1

    1a2ee6b3b62e32b1f7e0308866696066e09bada7

  • SHA256

    441540fdc7f1de6d08a883974e129f33ec703c2ca2138f8245fb211160b95a83

  • SHA512

    e0b581c28047fc535cb315fc7c52fb682d5058c5433a40567c32932e989bb479055f97f877fa7badb32b4c2340bece829ef2a472cec85a45cb9048fc941c3382

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

Malware Config

Signatures

  • Detects MyDoom family 7 IoCs
  • MyDoom

    MyDoom is a worm written in C++.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\441540fdc7f1de6d08a883974e129f33ec703c2ca2138f8245fb211160b95a83N.exe
    "C:\Users\Admin\AppData\Local\Temp\441540fdc7f1de6d08a883974e129f33ec703c2ca2138f8245fb211160b95a83N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2568
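The signatures and process tree above give a hunter three concrete things to look for on other hosts: the dropped file hashes, a services.exe that lives in C:\Windows instead of C:\Windows\System32 (the real Service Control Manager binary only lives in System32 and the WinSxS component store), and the zincite.log marker in the user's Temp directory. The script below is an added example, not tria.ge code: it walks a filesystem tree (a mounted drive or forensic image, or the constructed demo tree it builds for itself) and checks all three, plus a Run-key helper that takes (value name, command) pairs. The Run-key value name, the file contents and the "OneDrive" entry in the demo are constructed; the report does not show them, and the placeholder tmpF077.tmp is hashed at runtime only to exercise the hash-match path.

```python
"""Hunt a host for the artefacts this report lists (added example, not tria.ge code)."""
import hashlib
import os
import tempfile
from pathlib import Path, PureWindowsPath

# SHA-256 values copied from the General/Downloads sections of the report.
IOC_SHA256 = {
    "441540fdc7f1de6d08a883974e129f33ec703c2ca2138f8245fb211160b95a83": "original sample",
    "5f56dca7c5d6dc2dd3052f6186d9c935d9212386210dd6ad042bbbd7c1bbc844": "tmpF077.tmp",
    "f398e652ea8ccaf1eeca615d563205b85f34ad1952b38bd435383bce06d36bcf": "zincite.log (first write)",
    "8d2aa067f5c7a051ff9d163d79e1ffa6daa0070f73332c61a11212643e7c9c13": "zincite.log (second write)",
    "bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c": "dropped C:\\Windows\\services.exe",
}

# Where a file with this basename legitimately lives (lowercase, relative to the
# drive root). Any other location with the same name is a masquerade candidate.
SYSTEM_BINARY_HOMES = {"services.exe": {"windows/system32/services.exe"}}
LEGIT_PREFIXES = ("windows/winsxs/",)  # component-store copies are expected


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, ioc_sha256=IOC_SHA256):
    """Return sorted (relative_path, reason) findings for every file under root."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix().lower()  # Windows paths are case-insensitive
            base = name.lower()
            digest = sha256_of(path)
            if digest in ioc_sha256:
                findings.append((rel, "hash match: " + ioc_sha256[digest]))
            homes = SYSTEM_BINARY_HOMES.get(base)
            if homes is not None and rel not in homes and not rel.startswith(LEGIT_PREFIXES):
                findings.append((rel, base + " outside System32 (possible masquerade)"))
            if base == "zincite.log":
                findings.append((rel, "zincite.log marker written by this MyDoom sample"))
    return sorted(findings)


def command_executable(command):
    """Extract the executable path from a Run-key command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(" ", 1)[0]


def suspicious_run_entries(entries):
    """Flag Run-key values whose target is a system-binary name outside its home."""
    flagged = []
    for value_name, command in entries:
        exe = PureWindowsPath(command_executable(command))
        rel = "/".join(part.lower() for part in exe.parts[1:])  # drop the drive letter
        homes = SYSTEM_BINARY_HOMES.get(exe.name.lower())
        if homes is not None and rel not in homes and not rel.startswith(LEGIT_PREFIXES):
            flagged.append((value_name, str(exe)))
    return flagged


def build_demo_tree(base):
    """Constructed layout mimicking the sandbox host; contents are placeholder bytes."""
    root = Path(base)
    layout = {
        "Windows/System32/services.exe": b"placeholder for the real SCM binary",
        "Windows/services.exe": b"placeholder for the dropped copy",
        "Users/Admin/AppData/Local/Temp/zincite.log": b"constructed log line\n",
        "Users/Admin/AppData/Local/Temp/tmpF077.tmp": b"placeholder for tmpF077.tmp",
        "Users/Admin/AppData/Local/Temp/notes.txt": b"unrelated file",
    }
    for rel, content in layout.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return root


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo_tree(tmp)
        # The real tmpF077.tmp bytes are not on the page, so hash the placeholder
        # to exercise the hash-match path (constructed, not a real indicator).
        iocs = dict(IOC_SHA256)
        iocs[sha256_of(root / "Users/Admin/AppData/Local/Temp/tmpF077.tmp")] = "tmpF077.tmp (placeholder)"
        findings = scan_tree(root, iocs)
    run_hits = suspicious_run_entries([
        ("Windows Services", r"C:\Windows\services.exe"),  # constructed value name
        ("OneDrive", r'"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
        ("Real SCM", r"C:\Windows\System32\services.exe"),
    ])
    return findings, run_hits


if __name__ == "__main__":
    found, hits = demo()
    for rel, why in found:
        print(f"{rel}: {why}")
    for value_name, exe in hits:
        print(f"Run value {value_name!r} -> {exe}")
```

Against a real mount, point `scan_tree` at the drive root and feed `suspicious_run_entries` the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM key); the path check is what catches a fresh build of the worm whose hashes differ from this report, which is why it does not rely on the hash table alone.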

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpF077.tmp

    Filesize

    41KB

    MD5

    802b66e0f81249d322fa5f582b3a025c

    SHA1

    9bdd0f762cde71ec3549d803760f065a297a2eb1

    SHA256

    5f56dca7c5d6dc2dd3052f6186d9c935d9212386210dd6ad042bbbd7c1bbc844

    SHA512

    ac75415e0035a7c37b9edafe085693745d0a35bc0ea9d090b3f0b32d43919dae4784436fe6faf3ae76b75e5cfd44f6b3cce8ab43ace9c4729b5b369c2842e67a

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    192B

    MD5

    994d1210b4e394a60601fc15179b13e3

    SHA1

    55e98b0cb28f43511c0a47959c0733f99d88d111

    SHA256

    f398e652ea8ccaf1eeca615d563205b85f34ad1952b38bd435383bce06d36bcf

    SHA512

    3572698fabdb087fc80e040a0734615615152c2091c7f81cd98421a8684e8f8324fda66a4bd336362a4b46ac1ac65cbda087a9e979208109264ddde4c4246466

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    192B

    MD5

    6fd8259d685e33decf55bd13802f320e

    SHA1

    3d65a38ee03d3a7f52f583f025eaa13107053464

    SHA256

    8d2aa067f5c7a051ff9d163d79e1ffa6daa0070f73332c61a11212643e7c9c13

    SHA512

    5dbc8937e455b355d11d544dc6dc0c772a59bbfd7af9baeeee1dbf0f9fafad72a3d5d39a4720161328109f8bdb61d7221941906d1c01084185ac0a395184bbf2

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/2232-42-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2232-63-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2232-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2232-74-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2232-69-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2232-67-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2232-17-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2232-4-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2232-9-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2232-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2232-44-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/2568-64-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-45-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-38-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-11-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-33-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-31-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-43-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-68-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-21-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-70-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-20-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2568-75-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB
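The memory-dump list above is long but describes only a few distinct regions: each name has the form memory/<pid>-<seq>-<start>-<end>-memory.dmp, so grouping by (pid, start, end) reduces the twenty-four entries to three regions with their sizes and snapshot counts. The parser and summary below are an added example, not tria.ge code; the dump names are copied from this report and the 4 KiB page size used for the alignment check is an assumption about the x86/x64 guest.

```python
"""Summarise the memory-dump entries in a tria.ge report (added example, not tria.ge code)."""
import re
from collections import defaultdict

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)-memory\.dmp$",
    re.IGNORECASE,
)

# Names copied from the Downloads section of this report.
REPORT_DUMPS = [
    "memory/2232-42-0x0000000000500000-0x0000000000510200-memory.dmp",
    "memory/2232-63-0x0000000000500000-0x0000000000510200-memory.dmp",
    "memory/2232-18-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2232-74-0x0000000000500000-0x0000000000510200-memory.dmp",
    "memory/2232-69-0x0000000000500000-0x0000000000510200-memory.dmp",
    "memory/2232-67-0x0000000000500000-0x0000000000510200-memory.dmp",
    "memory/2232-17-0x0000000000500000-0x0000000000510200-memory.dmp",
    "memory/2232-4-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2232-9-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2232-0-0x0000000000500000-0x0000000000510200-memory.dmp",
    "memory/2232-44-0x0000000000500000-0x0000000000510200-memory.dmp",
    "memory/2568-64-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-45-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-38-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-11-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-33-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-31-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-43-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-26-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-68-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-21-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-70-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-20-0x0000000000400000-0x0000000000408000-memory.dmp",
    "memory/2568-75-0x0000000000400000-0x0000000000408000-memory.dmp",
]


def parse_dump_name(name):
    """Return (pid, seq, start, end) with the addresses as integers."""
    m = DUMP_NAME.match(name)
    if m is None:
        raise ValueError("not a tria.ge memory dump name: " + name)
    return int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16)


def summarise(names, page=0x1000):
    """Group dumps by (pid, start, end); one row per distinct region, sorted by pid then address."""
    regions = defaultdict(list)
    for name in names:
        pid, seq, start, end = parse_dump_name(name)
        regions[(pid, start, end)].append(seq)
    rows = []
    for (pid, start, end), seqs in sorted(regions.items()):
        size = end - start
        rows.append({
            "pid": pid, "start": start, "end": end, "size": size,
            "page_aligned": size % page == 0,  # assumed 4 KiB pages
            "snapshots": len(seqs), "first_seq": min(seqs), "last_seq": max(seqs),
        })
    return rows


def format_rows(rows):
    lines = []
    for r in rows:
        line = (f"pid {r['pid']}: 0x{r['start']:x}-0x{r['end']:x} size 0x{r['size']:x}"
                f" ({r['size'] // 1024} KiB) snapshots={r['snapshots']}"
                f" seq {r['first_seq']}..{r['last_seq']}")
        if not r["page_aligned"]:
            line += " [size not page-aligned]"
        lines.append(line)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_rows(summarise(REPORT_DUMPS)))
```

For this report the summary gives PID 2232 two regions (the 32 KiB image at 0x400000 and a 0x10200-byte region at 0x500000 that is not a whole number of pages) and PID 2568 a single 32 KiB image region at 0x400000. The dropped services.exe is only 8 KB on disk, so a 32 KiB image region for it is consistent with the UPX signature: the packed file expands when it is loaded and unpacked in place. The odd-sized region in the parent is the obvious first dump to open when looking for data the process laid out itself rather than the loader.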