Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
68s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
20/10/2022, 20:24
Static task
static1
Behavioral task
behavioral1
Sample
4070bc8937a7c729417fbd3e5833adfa87e89885127e36b7b19de25313dc3686.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4070bc8937a7c729417fbd3e5833adfa87e89885127e36b7b19de25313dc3686.exe
Resource
win10v2004-20220812-en
General
-
Target
4070bc8937a7c729417fbd3e5833adfa87e89885127e36b7b19de25313dc3686.exe
-
Size
128KB
-
MD5
904762030bb09d234c00a95497801960
-
SHA1
b332ab88defc15a1428d6ee5eece492755a66d6b
-
SHA256
4070bc8937a7c729417fbd3e5833adfa87e89885127e36b7b19de25313dc3686
-
SHA512
526536809f066c0f7ce18979c0634a97e7c1e3606b5eaae869552eeb7ba02a02dccb0753ea14e56e8fd4b986fdf597823b2abdf244329b2aa8bcbf6da468d5b9
-
SSDEEP
3072:3IMVZT5GqVXivw0TaWC8hqsCK8k9t3ywG3RY1W9V7O:3IMVhEdo0Tap8hqsChk95yvhO+O
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1116 sgfgrig.exe -
Modifies AppInit DLL entries 2 TTPs
-
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\PROGRA~3\Mozilla\sgfgrig.exe 4070bc8937a7c729417fbd3e5833adfa87e89885127e36b7b19de25313dc3686.exe File created C:\PROGRA~3\Mozilla\ogcwmgm.dll sgfgrig.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1336 wrote to memory of 1116 1336 taskeng.exe 28 PID 1336 wrote to memory of 1116 1336 taskeng.exe 28 PID 1336 wrote to memory of 1116 1336 taskeng.exe 28 PID 1336 wrote to memory of 1116 1336 taskeng.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\4070bc8937a7c729417fbd3e5833adfa87e89885127e36b7b19de25313dc3686.exe"C:\Users\Admin\AppData\Local\Temp\4070bc8937a7c729417fbd3e5833adfa87e89885127e36b7b19de25313dc3686.exe"1⤵
- Drops file in Program Files directory
PID:900
-
C:\Windows\system32\taskeng.exetaskeng.exe {A2C24052-5E69-4E1F-A4CE-4A5C4B60A5BC} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
PID:1336 -
C:\PROGRA~3\Mozilla\sgfgrig.exeC:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1116
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
128KB
MD5e2421b477c783d7b04a16dc3d4a0f833
SHA11fdba66420aac822d796057d5423b9b1a2f82ddf
SHA256e4c8f0c980f7c0fd9894fe56056a27bbfab0099e9c8c68aa17f5285de93eed84
SHA512fbe1f945c75d85ab527b0ee59dd2ed917178d2b7657fcf0d04037ba3577f90f41d43bb5ce922a0836012c3887caa5ab9ff846a16a1d9b901f1681dead4066d25
-
Filesize
128KB
MD5e2421b477c783d7b04a16dc3d4a0f833
SHA11fdba66420aac822d796057d5423b9b1a2f82ddf
SHA256e4c8f0c980f7c0fd9894fe56056a27bbfab0099e9c8c68aa17f5285de93eed84
SHA512fbe1f945c75d85ab527b0ee59dd2ed917178d2b7657fcf0d04037ba3577f90f41d43bb5ce922a0836012c3887caa5ab9ff846a16a1d9b901f1681dead4066d25