Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0b3fd64713...2b.exe

windows7-x64

10

0b3fd64713...2b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/01/2025, 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b3fd64713282aa0c31877bb1078ead1677f25b83e71cd73720ad02eea1bf92b.exe

  • Size

    227KB

  • MD5

    058f639ccb210210a0f8e4441ac2dd31

  • SHA1

    c8037330b9df11a524191583243fdc558738785e

  • SHA256

    0b3fd64713282aa0c31877bb1078ead1677f25b83e71cd73720ad02eea1bf92b

  • SHA512

    668b12f0e09ac99d99d9cef83dec7ed08f4ac2786c38986a0619ad9e984be732b786fd164c91d4204ad44d65b9251b5895db4224bc975d30426b08d324d60b0b

  • SSDEEP

    6144:uLkD+fqCNAl8aVuMULdQrdas2gQntcgMly5CjrjZZ6AnRl:uYD+iCNAl/HULdQrRfQnegMlcCjeAnRl

Score
10/10
plugxdiscoverytrojan

Malware Config

Signatures

  • Detects PlugX payload 17 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Plugx family
    plugx
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 11 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b3fd64713282aa0c31877bb1078ead1677f25b83e71cd73720ad02eea1bf92b.exe
    "C:\Users\Admin\AppData\Local\Temp\0b3fd64713282aa0c31877bb1078ead1677f25b83e71cd73720ad02eea1bf92b.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Users\Admin\AppData\Local\Temp\HID\SOUNDMAN.exe
      "C:\Users\Admin\AppData\Local\Temp\HID\SOUNDMAN.exe" 100 2720
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2704
  • C:\ProgramData\SOUNDMAN\SOUNDMAN.exe
    C:\ProgramData\SOUNDMAN\SOUNDMAN.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\SysWOW64\msiexec.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\SxS\bug.log
    Filesize

    456B

    MD5

    511fc00ba9049e701e1742fe67e00e43

    SHA1

    813d2922a5260d1209be3407565cc698d631859a

    SHA256

    7aa55ae3dd925f8fb9446f4dfb5a8d42dcc269444abb2738629bd248d1e2dee6

    SHA512

    21b4b2afdc25537be6f441f6148b86665237bd249b9ce9cc2a8e2f479f47e8bbc74db5b3a17cffdca655ef94e38ca555e74cc816fe7de57bd4dad9638218bd0d

    Download Submit

  • C:\ProgramData\SxS\bug.log
    Filesize

    618B

    MD5

    ff6e36e97ecd53a93dfd56bbe22ac56c

    SHA1

    0609d05d6e0dfc69098493edc2fb40abcf1834c7

    SHA256

    2640a00f388c951e4ddf0d8c68f327b3884b7e968260487f312a26a01ffe3fd3

    SHA512

    1b3ea01d17ed0139d66404be78453554b8d66e809758712723827fd70a3ec5483d60b8a86f648059f938197319881e8472ec0419ddfbdfb12afa5c26e36e4a77

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\HID\HID.DLL
    Filesize

    41KB

    MD5

    89fb8ee88cfd469e14bc7493d78b70c4

    SHA1

    0f431b38ef83728e71aa044b06da6e8f989cfbbd

    SHA256

    a8099c7b3748c3b1bff3cd477f3c29bba86ebb6797a08f89f3a661df820adf51

    SHA512

    2e0f4838d8edc15e11410f23557dd96cf56ec1e9ad649d50314a3715a66d2adbd7de2ecf19c722df2f9833eee5db15db5b3cfa894e9a3a7df8c0abad2725f1ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\HID\HID.DLLx
    Filesize

    116KB

    MD5

    6e41d17b267dd2378feb4b0211dece84

    SHA1

    860c85a6887360a5dff2547422b0b7c1ce5212f5

    SHA256

    b8a3f4ca6e1c803ab1b8b709f256a82d6dfa3f33c8ec48d5f5f186031419d8ee

    SHA512

    e496c67bf3f02fe84501fe2d6fb09578473932fc6917f4087c830820a617419044713d782231fa57b24e23009f03b43974a023baaa832d75369769f27da1310a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\HID\SOUNDMAN.exe
    Filesize

    82KB

    MD5

    798c0c1ff4e0fce646ca82ae0379ccb0

    SHA1

    3f65f997f350a59ac67e432092cf7f5cfe94a701

    SHA256

    54d08331f511823755cbbac3aad698bbcdfcde71f47b827dcfc6ada89e753d80

    SHA512

    be7924f6179d774d0e4f91a6f044abbb12e9cbf1e19a49e115da5a2eeedbe4c0b29879cf41008d27d13fdb80963d846527d53721d94668719d1331bf1867de3e

    Download Submit

  • memory/2532-80-0x0000000000710000-0x000000000073E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2532-77-0x00000000000D0000-0x00000000000D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-78-0x0000000000710000-0x000000000073E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2532-81-0x0000000000710000-0x000000000073E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2532-79-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-37-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2600-36-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2600-45-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2704-16-0x0000000000405000-0x0000000000406000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2704-18-0x00000000002D0000-0x00000000002FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2704-49-0x00000000002D0000-0x00000000002FE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2704-17-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2708-43-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-42-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-65-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-64-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-63-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-62-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-52-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-68-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-38-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-40-0x00000000000F0000-0x000000000010B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2708-41-0x00000000000A0000-0x00000000000A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2708-82-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-83-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-85-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2708-86-0x0000000000180000-0x00000000001AE000-memory.dmp

    Filesize

    184KB

    Download