Analysis

- max time kernel: 55s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 02/10/2022, 12:16
Static task: static1

Behavioral task: behavioral1
- Sample: cbeceafb0f26ab6bfcc0d21d2171c774ec88841058c86bb972eddc163743143a.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: cbeceafb0f26ab6bfcc0d21d2171c774ec88841058c86bb972eddc163743143a.exe
- Resource: win10v2004-20220901-en
General

- Target: cbeceafb0f26ab6bfcc0d21d2171c774ec88841058c86bb972eddc163743143a.exe
- Size: 272KB
- MD5: 6e366e5e11747fb24e72e2047fd00140
- SHA1: 974e5a896008ec1021f7fdf14de1dd3137fba263
- SHA256: cbeceafb0f26ab6bfcc0d21d2171c774ec88841058c86bb972eddc163743143a
- SHA512: ce8f05820a2b4d5f1e06661dae11c7adc7c9ba27289aa4d2567ad3afaf286a6f851768e9718efa0e2dc61dc6f0353a998242014100b90131e494d26df0c85642
- SSDEEP: 6144:MfRuSxFMY2uYmVAvivBHDpr88CtFO4y3vVkzjIfO5Lr:MgSxFMiYmVAviv5Z8nt1UkAI
Malware Config
Signatures

- Executes dropped EXE (1 IoC)
  pid  | Process
  1316 | sgfgrig.exe

- Modifies AppInit DLL entries (2 TTPs: AppInit DLLs, T1103 in ATT&CK Enterprise v6, under Persistence and Privilege Escalation)

- Drops file in Program Files directory (2 IoCs)
  description  | ioc                             | Process
  File created | C:\PROGRA~3\Mozilla\sgfgrig.exe | cbeceafb0f26ab6bfcc0d21d2171c774ec88841058c86bb972eddc163743143a.exe
  File created | C:\PROGRA~3\Mozilla\ogcwmgm.dll | sgfgrig.exe

- Suspicious use of WriteProcessMemory (4 IoCs, four identical entries)
  description                      | pid  | Process     | procid_target
  PID 2012 wrote to memory of 1316 | 2012 | taskeng.exe | 29
  PID 2012 wrote to memory of 1316 | 2012 | taskeng.exe | 29
  PID 2012 wrote to memory of 1316 | 2012 | taskeng.exe | 29
  PID 2012 wrote to memory of 1316 | 2012 | taskeng.exe | 29
Processes

- C:\Users\Admin\AppData\Local\Temp\cbeceafb0f26ab6bfcc0d21d2171c774ec88841058c86bb972eddc163743143a.exe (PID 1848)
  command line: "C:\Users\Admin\AppData\Local\Temp\cbeceafb0f26ab6bfcc0d21d2171c774ec88841058c86bb972eddc163743143a.exe"
  - Drops file in Program Files directory

- C:\Windows\system32\taskeng.exe (PID 2012)
  command line: taskeng.exe {7D741315-BB91-42D5-B6B9-458F1B13442F} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\sgfgrig.exe (PID 1316, child of taskeng.exe)
    command line: C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
    - Executes dropped EXE
    - Drops file in Program Files directory
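The Signatures and Processes sections above give a hunter three things to look for on a host: a PE written under C:\PROGRA~3\Mozilla, a change to the AppInit_DLLs registry value, and a binary in that directory started by taskeng.exe (the Task Scheduler engine on Windows 7, which means the dropped EXE was launched through a scheduled task rather than directly by the sample). The script below is an added example, not code from the report or from Hatching Triage: it runs those three checks plus a hash match over a constructed stream of Sysmon-style events. Its assumptions: the event schema is made up for the example; the 8.3 alias table (PROGRA~3 expanding to ProgramData on a default 64-bit Windows 7 install, which is why the "Program Files directory" label should not make you hunt only under Program Files) has to be confirmed with `dir /x C:\` on the real host; and the AppInit_DLLs value in the sample events is invented, because the report shows the modification but not the value written.

```python
"""Detection pass over Sysmon-style events modelled on the report above.

Only the paths, PIDs, command lines and hashes come from the report; the
event records themselves are constructed for this example.
"""

# Hash values copied from the report: General (submitted sample) and
# Downloads (file offered for download).
SAMPLE_HASHES = {
    "cbeceafb0f26ab6bfcc0d21d2171c774ec88841058c86bb972eddc163743143a": "submitted sample",
    "9a7c0c7b97a59b3e3c9eb9a3de0e817b1973f2c4625b132e823a12537aeba864": "report download",
}

# Assumption: default 8.3 aliases on a 64-bit Windows 7 install. Confirm the
# real mapping with `dir /x C:\` on the host before relying on it.
SHORT_NAMES = {
    "c:\\progra~1": "c:\\program files",
    "c:\\progra~2": "c:\\program files (x86)",
    "c:\\progra~3": "c:\\programdata",
}

# Registry values that control AppInit DLL loading (native and WOW64 views).
APPINIT_VALUES = {
    "hklm\\software\\microsoft\\windows nt\\currentversion\\windows\\appinit_dlls",
    "hklm\\software\\microsoft\\windows nt\\currentversion\\windows\\loadappinit_dlls",
    "hklm\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\windows\\appinit_dlls",
    "hklm\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\windows\\loadappinit_dlls",
}

DROP_DIR = "c:\\programdata\\mozilla\\"


def normalize_path(path):
    """Lower-case, strip surrounding quotes and expand the 8.3 aliases."""
    p = path.strip('"').lower()
    for short, full in SHORT_NAMES.items():
        if p.startswith(short):
            return full + p[len(short):]
    return p


def detect(events):
    """Return (rule, detail) tuples for every event that matches a rule."""
    hits = []
    for ev in events:
        kind = ev["event"]
        if kind == "file_create":
            target = normalize_path(ev["target"])
            # Report IoC: an EXE and then a DLL written under C:\PROGRA~3\Mozilla.
            if target.startswith(DROP_DIR) and target.endswith((".exe", ".dll")):
                hits.append(("pe_dropped_in_programdata_mozilla", target))
        elif kind == "registry_set":
            # Report signature: "Modifies AppInit DLL entries".
            if normalize_path(ev["key"]) in APPINIT_VALUES:
                hits.append(("appinit_dlls_modified", ev["key"] + " = " + ev["value"]))
        elif kind == "process_create":
            parent = normalize_path(ev["parent_image"])
            image = normalize_path(ev["image"])
            # Report process tree: taskeng.exe (PID 2012) spawns sgfgrig.exe
            # (PID 1316) from ProgramData, i.e. a scheduled task runs it.
            if parent.endswith("\\taskeng.exe") and image.startswith("c:\\programdata\\"):
                hits.append(("taskeng_launched_programdata_binary", image))
        elif kind == "file_hash":
            label = SAMPLE_HASHES.get(ev["sha256"].lower())
            if label:
                hits.append(("known_hash:" + label, normalize_path(ev["path"])))
    return hits


SAMPLE = "cbeceafb0f26ab6bfcc0d21d2171c774ec88841058c86bb972eddc163743143a.exe"

# Constructed event stream modelled on the report's process tree and IoCs,
# plus two benign events that the rules must not flag.
SAMPLE_EVENTS = [
    {"event": "file_create", "pid": 1848, "image": SAMPLE,
     "target": "C:\\PROGRA~3\\Mozilla\\sgfgrig.exe"},
    {"event": "process_create", "pid": 1316, "parent_pid": 2012,
     "parent_image": "C:\\Windows\\system32\\taskeng.exe",
     "image": "C:\\PROGRA~3\\Mozilla\\sgfgrig.exe",
     "command_line": "C:\\PROGRA~3\\Mozilla\\sgfgrig.exe -smuvcxh"},
    {"event": "file_create", "pid": 1316, "image": "sgfgrig.exe",
     "target": "C:\\PROGRA~3\\Mozilla\\ogcwmgm.dll"},
    {"event": "registry_set", "pid": 1316, "image": "sgfgrig.exe",
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
     "value": "C:\\PROGRA~3\\Mozilla\\ogcwmgm.dll"},  # value is invented, not from the report
    {"event": "file_hash",
     "path": "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE,
     "sha256": "cbeceafb0f26ab6bfcc0d21d2171c774ec88841058c86bb972eddc163743143a"},
    # Benign: a maintenance task launched from System32 by the scheduler ...
    {"event": "process_create", "pid": 3001, "parent_pid": 2012,
     "parent_image": "C:\\Windows\\system32\\taskeng.exe",
     "image": "C:\\Windows\\system32\\defrag.exe", "command_line": "defrag.exe -c"},
    # ... and a Firefox update artefact under the same directory that is not a PE.
    {"event": "file_create", "pid": 4002, "image": "firefox.exe",
     "target": "C:\\PROGRA~3\\Mozilla\\updates\\update.mar"},
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:40} {detail}")
```

Run as-is it prints five hits for the constructed stream and none for the two benign events. Firefox legitimately keeps its update staging area under ProgramData\Mozilla, so the file rule is restricted to .exe and .dll rather than to the directory alone; on a real host, feed the same functions from your Sysmon Event ID 1, 11 and 13 records and confirm the 8.3 alias table before trusting the ProgramData expansion.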
-
Network
MITRE ATT&CK Enterprise v6
Downloads

- Filesize: 272KB
  MD5: 3cbf5453a543dfd8d0e1d270ae216d92
  SHA1: 4bb39f943772021f0c47f4cd8022efcc272c379f
  SHA256: 9a7c0c7b97a59b3e3c9eb9a3de0e817b1973f2c4625b132e823a12537aeba864
  SHA512: 93aab6cd9c0fc6f9377333e2cd5892817f7d99950e9c2fa017c2f1f9df0f5ada0030a339555d894e448bc6ad191ba5ddda11fd2cbccee6d36234c75cc29bc1d2