Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/10/2022, 22:56
Static task
- static1
Behavioral task
- behavioral1: sample 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe, resource win7-20220812-en
Behavioral task
- behavioral2: sample 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe, resource win10v2004-20220901-en
General
- Target: 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe
- Size: 47KB
- MD5: 0c085e89b48f6f544a375444cadd1363
- SHA1: 0478c6f5363e2f84873eaffbfc778f390e4f88b1
- SHA256: 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b
- SHA512: 48d696bf18e7ccf4f3e7f58222d5133ab213ab79902e2b21036e5d4cde37a6c02027dd6ed8c1ae143c80b5ef281a83df901c4a10b09262b3348cd7b30b4eeb5f
- SSDEEP: 768:fCByqdS4QOgueb5s7/bLe9fIS8XjSsNKzyKL4XGVsVTYgex6v7ToMV0lIJw:64qY4QSebqD9maIyIeVTYgRXj0lc
Malware Config
Signatures
- Loads dropped DLL (2 IoCs)
  pid 4064, process 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe (2 entries)
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Key created: \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run (process 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe)
  Set value (str): \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WindowsAutoUpData = "C:\\Windows\\system32\\msdns.exe" (process 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe)
- Drops file in System32 directory (3 IoCs)
  File created: C:\Windows\SysWOW64\msdns.exe (process 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe)
  File opened for modification: C:\Windows\SysWOW64\msdns.exe (process 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe)
  File created: C:\Windows\SysWOW64\htdll.dll (process 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe)
  Note: the WOW6432Node key and the SysWOW64 paths show that this 32-bit sample was subject to registry and filesystem redirection on the x64 guest. The Run value it wrote nonetheless names C:\Windows\system32\msdns.exe, while the file itself was created in C:\Windows\SysWOW64; a hunt for these indicators should match both directories.
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 4064, process 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe (64 entries, all from the same process)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 4064, process 7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe (2 entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe (PID 4064)
  Command line: "C:\Users\Admin\AppData\Local\Temp\7aa5db4634e0d16df60c8f88ceeb83d06ce12e1c92e7a89a2330430e2db2c39b.exe"
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Downloads (2 entries, identical hashes)
- Filesize: 20KB
  MD5: 5c334ab6ec413a86d77ebdb96dc6d933
  SHA1: 874f14b0817a84e02ba4f2d918d054c78faaf147
  SHA256: 55e42fbb9e21530f3da918b7596b02cc41871ccde1184322d23a90e6d610eabf
  SHA512: c5b08156a11b82b067a0725e1c13eb8d0d9368db36684c56a2cd8711b7bb07a2794cc2234bd046e4057989202690b16f741b5c966ff8e5a991f37675479b9af0
- Filesize: 20KB
  MD5: 5c334ab6ec413a86d77ebdb96dc6d933
  SHA1: 874f14b0817a84e02ba4f2d918d054c78faaf147
  SHA256: 55e42fbb9e21530f3da918b7596b02cc41871ccde1184322d23a90e6d610eabf
  SHA512: c5b08156a11b82b067a0725e1c13eb8d0d9368db36684c56a2cd8711b7bb07a2794cc2234bd046e4057989202690b16f741b5c966ff8e5a991f37675479b9af0