Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 45s
- max time network: 50s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 01/10/2022, 19:39
Static task: static1
Behavioral task: behavioral1
  Sample: 952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd.exe
  Resource: win10v2004-20220812-en
General
- Target: 952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd.exe
- Size: 302KB
- MD5: 73d4ffe5ba4592b55111caab17c90e30
- SHA1: 081523b2907ba6f4cbeb18e784456deaaa8ea8fd
- SHA256: 952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd
- SHA512: d04090dfd0b524abd3327e5187f05e03d30a6271259080a4b29991f9278ad80dbd38ad39fbb8d65d386feebdd49fded635d5c8d6b06bc68f2f284fbdf54786ee
- SSDEEP: 6144:T44b7czK+MOjoF3/di++08qvFsRcfJgohePbrzZ7tfYIKpnzv:84fijVjo1FimlvybohePptgIqb
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  1336  jjruejn.exe
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in Program Files directory (2 IoCs)
  description   ioc                              Process
  File created  C:\PROGRA~3\Mozilla\jjruejn.exe  952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd.exe
  File created  C:\PROGRA~3\Mozilla\segfnra.dll  jjruejn.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  1292  952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd.exe
  1336  jjruejn.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid  Process      procid_target
  PID 944 wrote to memory of 1336  944  taskeng.exe  28
  PID 944 wrote to memory of 1336  944  taskeng.exe  28
  PID 944 wrote to memory of 1336  944  taskeng.exe  28
  PID 944 wrote to memory of 1336  944  taskeng.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd.exe"
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID: 1292
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {BFC5BC3E-20D2-4101-A07E-520C2BDDAFFC} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 944
  - C:\PROGRA~3\Mozilla\jjruejn.exe (child of PID 944)
    Command line: C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
    PID: 1336
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 302KB
  MD5: 96aa6332c503eef9a3684aadf1b5c093
  SHA1: 2a2c7166256e49c52060bad7b961d6ce6d445671
  SHA256: c7f6af31a7805fde52ca9e323bc24e20059adc79a500111954b709ff2115ec4a
  SHA512: 6695c011f0cec8e58f5cd66b4a9625e611f03bd969475ca5fde5155c779a250df5f051298c6edee06e50421fe44447e1101c486c722a43b4db4aa24d711c52d1