Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

a86408e9d4...28.exe

windows7-x64

8

a86408e9d4...28.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a86408e9d451abf8bcbcaea95af9875ea0b23e54bfffc1e7dc0c1a840f1d0b28.exe

  • Size

    147KB

  • MD5

    5b99e3ec441c4819be8b9a47e3e42610

  • SHA1

    19921271906afccbcb6ffc8bce3da8389b053f57

  • SHA256

    a86408e9d451abf8bcbcaea95af9875ea0b23e54bfffc1e7dc0c1a840f1d0b28

  • SHA512

    0d4311f70de9e6cb5d3f34e9959592b08092e43dfe83a8237d399ef60b93ce7b1d933225a5b86345bc7e495923a02be7aadfbfe939ed2aaf481532e93a7e1e51

  • SSDEEP

    3072:ylVH/Q9pLokvctwzeKanw/3qRkfs/SRyhQSJQsgXwksg7N/J:ylVfi9ctwzeKa+kFBiS6sg1z3

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a86408e9d451abf8bcbcaea95af9875ea0b23e54bfffc1e7dc0c1a840f1d0b28.exe
    "C:\Users\Admin\AppData\Local\Temp\a86408e9d451abf8bcbcaea95af9875ea0b23e54bfffc1e7dc0c1a840f1d0b28.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1324
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {0D61F962-27AF-43C7-A3A4-F3D51B0028C7} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\PROGRA~3\Mozilla\jjruejn.exe
      C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    147KB

    MD5

    ee1de6f2601012a4c97b06b9e4789c9b

    SHA1

    b86529d63c9b43594f87ced17277a296a6a07481

    SHA256

    1c7120009ce331ce1a888c659a159c058694a0b09b4eb6bbed4acc9aa8ebf098

    SHA512

    5e22893f20ce752bb99d53517b63e0c7b773e788b54603636ed2de6884c0629f4c5acd0f63894057c76db49e9d8270b6f8a1dd68ad1178e45817aea277afd49d

    Download Submit

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    147KB

    MD5

    ee1de6f2601012a4c97b06b9e4789c9b

    SHA1

    b86529d63c9b43594f87ced17277a296a6a07481

    SHA256

    1c7120009ce331ce1a888c659a159c058694a0b09b4eb6bbed4acc9aa8ebf098

    SHA512

    5e22893f20ce752bb99d53517b63e0c7b773e788b54603636ed2de6884c0629f4c5acd0f63894057c76db49e9d8270b6f8a1dd68ad1178e45817aea277afd49d

    Download Submit

  • memory/768-66-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/768-64-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/768-69-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/768-70-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1324-54-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1324-55-0x00000000752B1000-0x00000000752B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1324-56-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1324-59-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1324-60-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download