Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

30713c9db2...44.exe

windows7-x64

10

30713c9db2...44.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2024, 06:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30713c9db29f1185d482eb9c5491dc7d68dbf8de20477e6ac866e8e8b3d87244.exe

  • Size

    4.7MB

  • MD5

    e93e4f22d9afe1f1ade66d636f25c380

  • SHA1

    1ab854cdb1c237be7fbe5a6230273414117fde2a

  • SHA256

    30713c9db29f1185d482eb9c5491dc7d68dbf8de20477e6ac866e8e8b3d87244

  • SHA512

    2dba62e5e9d9971b85ab169a97aa18846a57a4dd69dcddff67c80ca785dd34bc2a40a30b2b31943a3ca289692e9306e94793e2a22a9d8debb98211f36ca88517

  • SSDEEP

    98304:Q0WXxnoJ2Pn/Y4MpMCkGoY9yY9F0GFvNIDc09EzcLRmOCZ:QD6yn/YHroY9yY9ewvNvgx4

Score
10/10
floxifbackdoordiscoverypersistenceprivilege_escalationtrojanupx

Malware Config

Signatures

  • Floxif family
    floxif
  • Floxif, Floodfix

    Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    backdoortrojanfloxif
  • Detects Floxif payload 1 IoCs
    backdoor
  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 11 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30713c9db29f1185d482eb9c5491dc7d68dbf8de20477e6ac866e8e8b3d87244.exe
    "C:\Users\Admin\AppData\Local\Temp\30713c9db29f1185d482eb9c5491dc7d68dbf8de20477e6ac866e8e8b3d87244.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Common Files\System\symsrv.dll
    Filesize

    67KB

    MD5

    7574cf2c64f35161ab1292e2f532aabf

    SHA1

    14ba3fa927a06224dfe587014299e834def4644f

    SHA256

    de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

    SHA512

    4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

    Download Submit

  • \Users\Admin\Desktop\New folder\FastCopy5.3.1_x64\FastCopy.exe
    Filesize

    1.1MB

    MD5

    8407c433b453155f76041beefc0de627

    SHA1

    8fccb4a6309237a6926b2360dc1b8299e508b605

    SHA256

    77f47e76c26b59a0886957df22bf099755c0f66a443fe097dd1a857b25d852f9

    SHA512

    a533096b7af6ba98ddf6ed258c6b71a58b9fda5783b10f7feedc1af601c4fbfb63d742e00710d21703564c631d03184880fa7969708e85e8eedefcfde26f8991

    Download Submit

  • \Users\Admin\Desktop\New folder\FastCopy5.3.1_x64\FcHash.exe
    Filesize

    388KB

    MD5

    b3615da42676d5df7d445ff708d985d1

    SHA1

    6f362011e5d5befb83be178264dfb3e46f1c62ca

    SHA256

    6abb8554dd47d84268921afc83a98631af9cfd635e8216dcf7f17b65fc3052f8

    SHA512

    e06d36e2bf3dae0e3e279cf34cebd6da615ea52f1e7486b11293fccc8e332ee38cd5155134727f2b6da89c2082394c920aad8efd1e02f8f551f3b9afa3f73329

    Download Submit

  • \Users\Admin\Desktop\New folder\FastCopy5.3.1_x64\fcp.exe
    Filesize

    1.1MB

    MD5

    43a443c88144c78f04164f96e82b5877

    SHA1

    3f0751cb0e402e5840b60fb4b4bcfd98f37b7ee7

    SHA256

    3b60802ebc71588a1cef50505ff90019056948c5296a75dd78d0b6f37337c859

    SHA512

    a9b01d29cd211a5257af70a9394de08a400a2049fdf076454758dcc6744989d3283833c6251886012102048e227c3224fa3929f7bc955692711ba4fe3006ef81

    Download Submit

  • \Users\Admin\Desktop\New folder\FastCopy5.3.1_x64\setup.exe
    Filesize

    639KB

    MD5

    3a2e67d1893eb07f48ba1ebc34a97650

    SHA1

    7d2f06bdc66330fa065aab81bc0d5f09091d9049

    SHA256

    348ef879a28005e31e03cc253905ffa7b8f9a2868a8301f24eb41349ef6518db

    SHA512

    939e8b7d71291e7294752e1d178ae22a787ded16d6d35333b9dddd31419fa8cccd4e05650388bcd319710bf98176f7f3505f1a83eb37828aff3ef8712139a959

    Download Submit

  • memory/3056-3-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3056-5-0x0000000000450000-0x0000000000453000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3056-13-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3056-14-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3056-33-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

    Download