Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 35s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 20/10/2022, 08:17
Static task: static1
Behavioral task: behavioral1
- Sample: af19676afd6877219dd7e4464614f48bdd3f3206e2433108fdc55a8659947f67.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: af19676afd6877219dd7e4464614f48bdd3f3206e2433108fdc55a8659947f67.exe
- Resource: win10v2004-20220901-en
General
- Target: af19676afd6877219dd7e4464614f48bdd3f3206e2433108fdc55a8659947f67.exe
- Size: 141KB
- MD5: 4ec138f7c09f34d0f59be36d97ca9140
- SHA1: cbfb3f02f81d3094a69dd50d4fd31e0f18c724c0
- SHA256: af19676afd6877219dd7e4464614f48bdd3f3206e2433108fdc55a8659947f67
- SHA512: f7b19051b661ce527035e5dab3ec0026875144b7ed36d9e58559342fd294fc50d8732a5141e8159ee27fa514494c4735f6a98391b0dc8f904fd36ed32c798530
- SSDEEP: 3072:ixHEI6rvvMV0nE17B+TnFnvcwHdtTQ3lNvuCLeEPbUXHrxe:ixkHMV0nE1l+LtvcwHbo/aSUXLxe
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  1760 | jwufxge.exe
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in Program Files directory (2 IoCs)
  description | ioc | Process
  File created | C:\PROGRA~3\Mozilla\hvkykah.dll | jwufxge.exe
  File created | C:\PROGRA~3\Mozilla\jwufxge.exe | af19676afd6877219dd7e4464614f48bdd3f3206e2433108fdc55a8659947f67.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1652 wrote to memory of 1760 | 1652 | taskeng.exe | 27
  PID 1652 wrote to memory of 1760 | 1652 | taskeng.exe | 27
  PID 1652 wrote to memory of 1760 | 1652 | taskeng.exe | 27
  PID 1652 wrote to memory of 1760 | 1652 | taskeng.exe | 27
Processes
- C:\Users\Admin\AppData\Local\Temp\af19676afd6877219dd7e4464614f48bdd3f3206e2433108fdc55a8659947f67.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\af19676afd6877219dd7e4464614f48bdd3f3206e2433108fdc55a8659947f67.exe"
  - Drops file in Program Files directory
  PID: 1508
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {2A63D31B-6602-4EED-8C4F-0443C88AD2B1} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 1652
  - C:\PROGRA~3\Mozilla\jwufxge.exe (child of taskeng.exe)
    Command line: C:\PROGRA~3\Mozilla\jwufxge.exe -kqepohf
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID: 1760
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 141KB
  MD5: 516fb71def4de2ab3a516032ea015da7
  SHA1: 11942e9b69f483a9d2ae4dc7a476c496a767343a
  SHA256: f619766a57b0c495159d6410107823a4826c697c45d03622143e87e6fad18b98
  SHA512: b4d6f15cc85a4870bb3966e6c361c63b206ee57944d9da66b5f8ef5e21013090fbbb4ddfea5e7e5cc7978ebc03b4f752778e2f58d3eea6ed7a68e2e6342e07e4