Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 38s
max time network: 42s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29/10/2022, 22:36
Static task: static1
Behavioral task: behavioral1
  Sample: 60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
  Resource: win10v2004-20220901-en
General
Target: 60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
Size: 168KB
MD5: 554e65fc297fb631094fbbc15be61730
SHA1: 8e9d910c321d588b72daaaf801b4c37101ca270c
SHA256: 60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9
SHA512: 2a840df37f7b25257320b26d3cb4570c66c33b30384959616f4c9effcefce66dbbc3c1486704d04e5218e05335714c0f0667d9ebb389cbfeb69dcd19f06b25ff
SSDEEP: 3072:Q1uis3Hb+Q5Xq8+5zQWFDsJrmVyzACeJwi72jlQpBW/RsFPPtuui/g20NdyPOB:y0bR1+5kWFQBYAcJDpo6FPPt6g2Bi
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 240, process jwufxge.exe
Modifies AppInit DLL entries (2 TTPs)
Drops file in Program Files directory (2 IoCs)
  File created: C:\PROGRA~3\Mozilla\jwufxge.exe (process: 60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe)
  File created: C:\PROGRA~3\Mozilla\hvkykah.dll (process: jwufxge.exe)
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1852 wrote to memory of 240 (pid 1852, process taskeng.exe, procid_target 28)
  PID 1852 wrote to memory of 240 (pid 1852, process taskeng.exe, procid_target 28)
  PID 1852 wrote to memory of 240 (pid 1852, process taskeng.exe, procid_target 28)
  PID 1852 wrote to memory of 240 (pid 1852, process taskeng.exe, procid_target 28)
Processes
C:\Users\Admin\AppData\Local\Temp\60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\60b4fc2d9a816bb714c048a7c6dccdf2aa68f96930f62f6eb751c8e79ebc83c9.exe"
  Drops file in Program Files directory
  PID: 944
C:\Windows\system32\taskeng.exe
  command line: taskeng.exe {24553973-1762-4224-A222-4F7116E7B248} S-1-5-18:NT AUTHORITY\System:Service:
  Suspicious use of WriteProcessMemory
  PID: 1852
    C:\PROGRA~3\Mozilla\jwufxge.exe
      command line: C:\PROGRA~3\Mozilla\jwufxge.exe -kqepohf
      Executes dropped EXE
      Drops file in Program Files directory
      PID: 240
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 168KB
MD5: 44ac4f9adff245d2a018b8827cdd9216
SHA1: 4e1dc7454262f39d90e8e6df8b056e2dd716ebed
SHA256: abf64b3ae57972dcef28f02fa5b04e36e587426b99a7817b05158bd8c5e89db0
SHA512: 2148f1e4fa6bb03b7fa44fefc5208128807f9fb698fcf3e75d11881b5169958e56e721631defc8040dd1b48e969929a1a56da7b9a5a4ee92c6302c76333e3bf9