Analysis
- max time kernel: 46s
- max time network: 50s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 19/10/2022, 13:29
Static task: static1
Behavioral task: behavioral1
  Sample: 55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db.exe
  Resource: win10v2004-20220901-en
General
- Target: 55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db.exe
- Size: 304KB
- MD5: 834dd6bfc2621c6b9f595c9c0b19aa96
- SHA1: 0ae6b05da4fc14949200193455002f836fa34a8a
- SHA256: 55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db
- SHA512: ea25b83a9675efb76e91621e5a09014dd30994309361d691bcfdfa7aeef3f6186c92d1eab8f0ee5eb8fc30783b33a997feee20ec89d5b58fc6d45915f3d3b918
- SSDEEP: 6144:icNM1BDtGwp9jscwrtNXZoQSbGqJDIy88YaR5iLFBq5+Z6:iyKjsXtoQSz78/aR5iGW6
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid  Process
  560  jjruejn.exe
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in Program Files directory (2 IoCs)
  description   ioc                              Process
  File created  C:\PROGRA~3\Mozilla\jjruejn.exe  55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db.exe
  File created  C:\PROGRA~3\Mozilla\segfnra.dll  jjruejn.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid  Process
  852  55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db.exe
  560  jjruejn.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                     pid  Process      procid_target
  PID 308 wrote to memory of 560  308  taskeng.exe  28
  PID 308 wrote to memory of 560  308  taskeng.exe  28
  PID 308 wrote to memory of 560  308  taskeng.exe  28
  PID 308 wrote to memory of 560  308  taskeng.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\55f9af3202a3c5b101549912a36863b40c7b69aa75d09d0f5d50bed63493a2db.exe"
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID: 852
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {EEF67EFF-EEF1-45C6-B426-0AFD5E438F3E} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 308
  - C:\PROGRA~3\Mozilla\jjruejn.exe (child of PID 308)
    Command line: C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
    PID: 560
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 304KB
  MD5: 3590b6fbb5976991d7e0e04ccc411062
  SHA1: 6f77a71208deb20be2672fc5b14b9c4d9525837b
  SHA256: 9f77188c525ad979adb253a1161dbf159a9ede36d61fc7d16fa0e4858614a419
  SHA512: fdb65685dc2858a177fb407a89e02152529d4d61e05ca8a82906073340bb6037e30718a80a5bbe18a4136902d77b474af8f5c81d903345b865e52626324b0608