Analysis
  max time kernel:  123s
  max time network: 45s
  platform:         windows7_x64
  resource:         win7-20220812-en
  resource tags:    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  submitted:        03/10/2022, 15:00
Static task: static1

Behavioral task: behavioral1
  Sample:   25d90aebc96f42016f169f8a68dc1d4a0bd4254d144efb6f358667b04785b967.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample:   25d90aebc96f42016f169f8a68dc1d4a0bd4254d144efb6f358667b04785b967.exe
  Resource: win10v2004-20220812-en
General
  Target: 25d90aebc96f42016f169f8a68dc1d4a0bd4254d144efb6f358667b04785b967.exe
  Size:   213KB
  MD5:    633ec558e3c143bbaa32f30c2c4c3190
  SHA1:   20f03b6979dc7af8778e7f8dc77049c3e3c5a41a
  SHA256: 25d90aebc96f42016f169f8a68dc1d4a0bd4254d144efb6f358667b04785b967
  SHA512: f60049789ce5836b8bdedb880fbd518261e42893305d2729171c3f9ba9a20dec157ec2ef30a8164b3e87db81c5763eed2873727eea9350bde3e6cf0f4fa4305f
  SSDEEP: 6144:dJ4GsMQN0SjAXisy8DYdaph0vJgH6NfNHfomHRD/G8:dKGusiz8DYd+myO15zn
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
    pid   Process
    1312  sgfgrig.exe
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in Program Files directory (2 IoCs)
    description   ioc                              Process
    File created  C:\PROGRA~3\Mozilla\sgfgrig.exe  25d90aebc96f42016f169f8a68dc1d4a0bd4254d144efb6f358667b04785b967.exe
    File created  C:\PROGRA~3\Mozilla\ogcwmgm.dll  sgfgrig.exe
- Suspicious use of UnmapMainImage (2 IoCs)
    pid   Process
    2000  25d90aebc96f42016f169f8a68dc1d4a0bd4254d144efb6f358667b04785b967.exe
    1312  sgfgrig.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
    description                        pid   Process      procid_target
    PID 1340 wrote to memory of 1312   1340  taskeng.exe  29
    PID 1340 wrote to memory of 1312   1340  taskeng.exe  29
    PID 1340 wrote to memory of 1312   1340  taskeng.exe  29
    PID 1340 wrote to memory of 1312   1340  taskeng.exe  29
Processes
- C:\Users\Admin\AppData\Local\Temp\25d90aebc96f42016f169f8a68dc1d4a0bd4254d144efb6f358667b04785b967.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\25d90aebc96f42016f169f8a68dc1d4a0bd4254d144efb6f358667b04785b967.exe"
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID: 2000
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {2BB7F528-FA61-4242-846A-A6D2211E971B} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 1340
  - C:\PROGRA~3\Mozilla\sgfgrig.exe
    Command line: C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
    PID: 1312
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 213KB
  MD5:    44322edf3471066affe7c2328e6a30dc
  SHA1:   2bb157ba6c07692d5683f2c8e8a4085b74f2197e
  SHA256: 262885ba2cdcb3071ddba8c6a4a93b20e9390bbb37ec1c3deed79b0cf41f324d
  SHA512: 26d1e0b6a5c60b27b9dc2279ce12ceae018aa9e5166b761bad404b362feb0deca5b955b5632ac78777102ce52bd1d1ac6bdc8cacebd95d3899fbcec3ff53a648