Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

952a8002b4...fd.exe

windows7-x64

8

952a8002b4...fd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2022, 19:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd.exe

  • Size

    302KB

  • MD5

    73d4ffe5ba4592b55111caab17c90e30

  • SHA1

    081523b2907ba6f4cbeb18e784456deaaa8ea8fd

  • SHA256

    952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd

  • SHA512

    d04090dfd0b524abd3327e5187f05e03d30a6271259080a4b29991f9278ad80dbd38ad39fbb8d65d386feebdd49fded635d5c8d6b06bc68f2f284fbdf54786ee

  • SSDEEP

    6144:T44b7czK+MOjoF3/di++08qvFsRcfJgohePbrzZ7tfYIKpnzv:84fijVjo1FimlvybohePptgIqb

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd.exe
    "C:\Users\Admin\AppData\Local\Temp\952a8002b403b712eae9014853408fedff417c7c7a39c7a4d7f9d284f97bcefd.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:1292
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {BFC5BC3E-20D2-4101-A07E-520C2BDDAFFC} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\PROGRA~3\Mozilla\jjruejn.exe
      C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:1336

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    302KB

    MD5

    96aa6332c503eef9a3684aadf1b5c093

    SHA1

    2a2c7166256e49c52060bad7b961d6ce6d445671

    SHA256

    c7f6af31a7805fde52ca9e323bc24e20059adc79a500111954b709ff2115ec4a

    SHA512

    6695c011f0cec8e58f5cd66b4a9625e611f03bd969475ca5fde5155c779a250df5f051298c6edee06e50421fe44447e1101c486c722a43b4db4aa24d711c52d1

    Download Submit

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    302KB

    MD5

    96aa6332c503eef9a3684aadf1b5c093

    SHA1

    2a2c7166256e49c52060bad7b961d6ce6d445671

    SHA256

    c7f6af31a7805fde52ca9e323bc24e20059adc79a500111954b709ff2115ec4a

    SHA512

    6695c011f0cec8e58f5cd66b4a9625e611f03bd969475ca5fde5155c779a250df5f051298c6edee06e50421fe44447e1101c486c722a43b4db4aa24d711c52d1

    Download Submit

  • memory/1292-54-0x00000000762E1000-0x00000000762E3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1292-55-0x0000000001C40000-0x0000000001C9B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1292-56-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1292-57-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1336-62-0x0000000000380000-0x00000000003DB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1336-63-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1336-64-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download