Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

2ef4c765a7...38.exe

windows7-x64

8

2ef4c765a7...38.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    46s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 20:30 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ef4c765a721df9af1d3c90c4fe2926d9d5beddd1251fe2babcae9782240e138.exe

  • Size

    290KB

  • MD5

    a0616e5804753d803a522e3cdc01c360

  • SHA1

    84d960c092a116f5cde45d7288338b7c65115533

  • SHA256

    2ef4c765a721df9af1d3c90c4fe2926d9d5beddd1251fe2babcae9782240e138

  • SHA512

    c75716969ac5be6c1f5d877b036e5823339812975aee07296321fbf681958db1ba4702c3acd80aea8fd928fb9184a1f11c19da329a49ec2f5b50d275a8eb02e8

  • SSDEEP

    6144:vX5jF73fCuHYpjlrBnJAD2XEN6er3qgmbrU75MLlf4YKLHwD/:vNF73fF4vrXAD5avoukLU

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ef4c765a721df9af1d3c90c4fe2926d9d5beddd1251fe2babcae9782240e138.exe
    "C:\Users\Admin\AppData\Local\Temp\2ef4c765a721df9af1d3c90c4fe2926d9d5beddd1251fe2babcae9782240e138.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1632
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {E8514208-E8DE-4A86-86A3-94A7A84EF02B} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1452

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    290KB

    MD5

    dbd46108dbf9704e42fc25bd9914c0ca

    SHA1

    ae2e44a20ff8b4ce0c602e925e57a0ce327bc731

    SHA256

    4a07e5a3db4e5b81c4b9ec1f2701653ad1e2bb09160fd346d1e1d4a5038506c3

    SHA512

    ae387ddd632ec6a97e0aa33d44a5279b0e9888cb0a3de1e9c7a5ec33f2f8eddee27ac67a84342ae278d6e4b88cd55f8aae8a5d88102df03ac312609238017964

    Download Submit

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    290KB

    MD5

    dbd46108dbf9704e42fc25bd9914c0ca

    SHA1

    ae2e44a20ff8b4ce0c602e925e57a0ce327bc731

    SHA256

    4a07e5a3db4e5b81c4b9ec1f2701653ad1e2bb09160fd346d1e1d4a5038506c3

    SHA512

    ae387ddd632ec6a97e0aa33d44a5279b0e9888cb0a3de1e9c7a5ec33f2f8eddee27ac67a84342ae278d6e4b88cd55f8aae8a5d88102df03ac312609238017964

    Download Submit

  • memory/1452-65-0x0000000000390000-0x00000000003EB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1632-54-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1632-55-0x00000000761F1000-0x00000000761F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1632-56-0x0000000001BC0000-0x0000000001C1B000-memory.dmp

    Filesize

    364KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.