
Analysis

  • max time kernel
    106s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2022, 20:56

General

  • Target
    8f7144836c434a0fc3feceb9c8b7f93d3e84d77c58d6b814833e795b6469eac8.exe
  • Size
    2.5MB
  • MD5
    6d90e77ee88228a8e434192f1954757e
  • SHA1
    deafb980fbab21e298cdb61fd5bc707f451e0cbc
  • SHA256
    8f7144836c434a0fc3feceb9c8b7f93d3e84d77c58d6b814833e795b6469eac8
  • SHA512
    0b2b538dbd05d939cdec2773b330b90b122cb791ef09142af5a86cbdbf8d7a818d3d214e851969c5000e8e7cfe7fe60ca0da8b163291933441b2b753b3fe31e7
  • SSDEEP
    24576:+R8kLaWE3yo7YtvAxpVztxT0M8HtbzwGmTEUcQ7ZOoTdcWy/jz2GBYn9FtDWQNaz:+GkLaqo7YteNMjxYtWWsU+fOnUKyn

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious behavior: EnumeratesProcesses (31 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f7144836c434a0fc3feceb9c8b7f93d3e84d77c58d6b814833e795b6469eac8.exe
    "C:\Users\Admin\AppData\Local\Temp\8f7144836c434a0fc3feceb9c8b7f93d3e84d77c58d6b814833e795b6469eac8.exe"
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1764

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1764-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

    Filesize

    8KB