Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

d6086041f6...92.exe

windows7-x64

8

d6086041f6...92.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6086041f6c8a5fd0fbc836f895d8df8df549b5fef213a488a5eea78b667ab92.exe

  • Size

    135KB

  • MD5

    a055f85742faf5058894c7b5096418e0

  • SHA1

    4c780c61456b6331be8c47c1f4c3be5e26313b69

  • SHA256

    d6086041f6c8a5fd0fbc836f895d8df8df549b5fef213a488a5eea78b667ab92

  • SHA512

    2ac9dd47a50f033f45567c7aa0cb6055552896b0b562ff7439522fb2ec549b72c1ccc9e27b32e1a24b211cff255f5aed26d73e8e9c12be861b33ba8aa6a06ce9

  • SSDEEP

    3072:mcLXTpcvocFIALdm3vL52HBnXTmy5xEKJ9W8NRt:FLX1qoEd2v928DHERt

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6086041f6c8a5fd0fbc836f895d8df8df549b5fef213a488a5eea78b667ab92.exe
    "C:\Users\Admin\AppData\Local\Temp\d6086041f6c8a5fd0fbc836f895d8df8df549b5fef213a488a5eea78b667ab92.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1464
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {CB1FA215-913C-4EDB-AF46-94EAA2E50D08} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\PROGRA~3\Mozilla\jjruejn.exe
      C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:916

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    135KB

    MD5

    1a6f759b4a080b08ddd3909e46c4692a

    SHA1

    f2d799d930b90e027a16b3867b875308a7f257d7

    SHA256

    6a9e410793fb484e06001f651b58dc8fb54421bc1d069a9996be10fb9a8f157d

    SHA512

    4c18db2b312df7a184b05611d1e916ade02d3bac5e292656c6f2a09d324419b7568d80b7f04174c90fceb0697d045245e1eedc7c6b786df38421cda82ca2c43a

    Download Submit

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    135KB

    MD5

    1a6f759b4a080b08ddd3909e46c4692a

    SHA1

    f2d799d930b90e027a16b3867b875308a7f257d7

    SHA256

    6a9e410793fb484e06001f651b58dc8fb54421bc1d069a9996be10fb9a8f157d

    SHA512

    4c18db2b312df7a184b05611d1e916ade02d3bac5e292656c6f2a09d324419b7568d80b7f04174c90fceb0697d045245e1eedc7c6b786df38421cda82ca2c43a

    Download Submit

  • memory/916-64-0x00000000008B0000-0x000000000090B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1464-54-0x0000000075B51000-0x0000000075B53000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1464-55-0x00000000000F0000-0x000000000014B000-memory.dmp

    Filesize

    364KB

    Download