Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/10/2024, 05:18

General

  • Target: c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe
  • Size: 29KB
  • MD5: 7ccc18c2590c8bc58d6faaba31a55dcb
  • SHA1: f9e443892188dd4cb7614f58cc10e368bcdd88f5
  • SHA256: c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d
  • SHA512: 0938b5360a9a7bfbe532d8dff01a890c71e885807143565465a0dd18f43137bcdd50cc9750e1edac8fc8eb581d94a92ad8d47c261e4ef4376fa491cfc2346081
  • SSDEEP: 768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/9:AEwVs+0jNDY1qi/qV

Malware Config

Signatures

  • Detects MyDoom family 5 IoCs
  • MyDoom

    MyDoom is a Worm that is written in C++.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe
    "C:\Users\Admin\AppData\Local\Temp\c55af0cdd189dd3dcb34bb6b22235c8ef56fb90b9550cab289b11255e038737d.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      PID:2852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpCDCA.tmp
    Filesize: 29KB
    MD5: de4e7f5181e4edcd9bfbc74e7a28627d
    SHA1: f772aa8829ba2cb0dc47270fd31f9f85bcbf9db1
    SHA256: 516d55e96ac41e9f32acafd43879249e960faad7234c7acad73e70e1aafce1e0
    SHA512: 0caa58ca80b9b016113847baee5cccab97011a2e323b7428b4924a98c53b59e8b7c585ff86d09d56862cc5e2029786456041b4eb0d832a00b504621c368b2b9d

  • C:\Users\Admin\AppData\Local\Temp\valyETpypq.log
    Filesize: 320B
    MD5: d971bd453a97d84ad8bffa572cf0b8e5
    SHA1: 46de8ff0f3cc73f898675e73260ea7f2fb5fa774
    SHA256: 81d1c91ff794eff4f2d71990c34573cfa0bf8170a2cfbfbfbc342761f75a350c
    SHA512: b4e76eacd8d4b68fd7ad6d163ef3cb18f0e050b05f90155e8cce79908f52af156ba3564890888e7aa36a631540a4ee82484509b10e17aa1936079385727385a5

  • C:\Users\Admin\AppData\Local\Temp\zincite.log
    Filesize: 352B
    MD5: 4150c3b87ae23784ffbbcf78192bfaeb
    SHA1: 1b099912cb3ca1b74e198b77b9049f615c5a4458
    SHA256: af3c9e360220f27fc7b7d7359093a26ed6c1b58b90f528b3dcef04e78c4199c8
    SHA512: 44b058d565d1c951cc9aa53512ec6943f5ba9097f0a00c5954f203f6254bb41df66cc22bce4bc64dd76168c88d9fc7758a9fed3ddac6bfbe84c2313de6a4e0ef

  • C:\Windows\services.exe
    Filesize: 8KB
    MD5: b0fe74719b1b647e2056641931907f4a
    SHA1: e858c206d2d1542a79936cb00d85da853bfc95e2
    SHA256: bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c
    SHA512: 9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/2852-42-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-54-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-23-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-28-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-30-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-35-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-40-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-84-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-17-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-47-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-52-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-18-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-79-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-59-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2852-77-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2968-4-0x0000000000400000-0x0000000000408000-memory.dmp (Filesize: 32KB)
  • memory/2968-76-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/2968-15-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/2968-78-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/2968-58-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/2968-83-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)
  • memory/2968-0-0x0000000000500000-0x0000000000510200-memory.dmp (Filesize: 64KB)