Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

f9ce495e9a...42.exe

windows7-x64

8

f9ce495e9a...42.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    39s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 02:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9ce495e9aa0199d77c83d58945be93831c0584c2f950c27f6c2c5e8d8fec242.exe

  • Size

    178KB

  • MD5

    7b4dd70b0019b5d3215eb264ac449e20

  • SHA1

    1dab2decd602a482b936beee6f2768460d8b7351

  • SHA256

    f9ce495e9aa0199d77c83d58945be93831c0584c2f950c27f6c2c5e8d8fec242

  • SHA512

    8b51b207c2d91a3d813dbca4a588122541025fd3a083739f71523ecb4c7ffb79cac72872a13e4e2d97e28ca8fa27de078b228e1f4ed8ef4090732f5be470d299

  • SSDEEP

    3072:LchyinW3kt6ncDvnTHR6u1AIxjnw89JnszQcJdXI:pin4kpx6ujxF52dXI

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9ce495e9aa0199d77c83d58945be93831c0584c2f950c27f6c2c5e8d8fec242.exe
    "C:\Users\Admin\AppData\Local\Temp\f9ce495e9aa0199d77c83d58945be93831c0584c2f950c27f6c2c5e8d8fec242.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:1080
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {99AB19B4-A4D1-4EDA-A6FB-F49C6A9B356D} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\PROGRA~3\Mozilla\sgfgrig.exe
      C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:316

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\sgfgrig.exe
    Filesize

    178KB

    MD5

    8a77a72bea9a7119eeb94c8eb932598b

    SHA1

    eb5ecaa8d019079d1f99be04566f100e004d4d3e

    SHA256

    89c798f98fb5e15de77ec49870b34b6b9f0a073a877896dfa9b211c1cf22595a

    SHA512

    a5d854609ed6a08636ad6747444b135beb93cde8804e09cbffc79e187fcc3221ec6edfa0352faa57628d1ba0a45efbf1d1ab948f3e2cd2d83466047781359975

    Download Submit

  • C:\PROGRA~3\Mozilla\sgfgrig.exe
    Filesize

    178KB

    MD5

    8a77a72bea9a7119eeb94c8eb932598b

    SHA1

    eb5ecaa8d019079d1f99be04566f100e004d4d3e

    SHA256

    89c798f98fb5e15de77ec49870b34b6b9f0a073a877896dfa9b211c1cf22595a

    SHA512

    a5d854609ed6a08636ad6747444b135beb93cde8804e09cbffc79e187fcc3221ec6edfa0352faa57628d1ba0a45efbf1d1ab948f3e2cd2d83466047781359975

    Download Submit

  • memory/316-62-0x00000000008B0000-0x000000000090B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/316-63-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/316-64-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1080-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1080-55-0x0000000000310000-0x000000000036B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1080-56-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1080-57-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download