Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6ab1e3b5ce...55.exe

windows7-x64

8

6ab1e3b5ce...55.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    53s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ab1e3b5ce509aea6849c8bcec66821b4bd5c481236e2f0b12b95989f7fa4655.exe

  • Size

    166KB

  • MD5

    0ffce146d28d6b691490c83205a9ae50

  • SHA1

    e75075391fcc666d7ec64a3752df474a5308cade

  • SHA256

    6ab1e3b5ce509aea6849c8bcec66821b4bd5c481236e2f0b12b95989f7fa4655

  • SHA512

    9f925dfcc2f8feaabe2ce0a1d536a4d04e765a9c9da3cca79c8252dfe0f57b646a1461e4fc9c624b1826897efb136ce3b7e7dd2452ba0b6188456fbeb3f7cff7

  • SSDEEP

    3072:AQZ2HjtRWsfssW+qKgRCogXMyYAhcuEDeiLS87pAAL/oOL:m7fs2UCoIcrDJScLQW

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ab1e3b5ce509aea6849c8bcec66821b4bd5c481236e2f0b12b95989f7fa4655.exe
    "C:\Users\Admin\AppData\Local\Temp\6ab1e3b5ce509aea6849c8bcec66821b4bd5c481236e2f0b12b95989f7fa4655.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1392
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {67A561F8-0A9F-4B32-9A57-A4D704C276B6} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1052

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    21KB

    MD5

    5340da52d866ac7b63fac6e57a4e3fba

    SHA1

    1f898c9ba4a2f4e212ddab3976defabd1b6a1012

    SHA256

    647c249c2ecaeca321b786ebc9ba1e4d87261b1041ebb9728e331f7dfeef2af9

    SHA512

    48869ee31833ad354ba3e2fd000669aca443046e24b4bbf9fc09d7826b7cea37f09af1026e5e98086a6a00735abcd623942804f89c32a319e85b5cc646a0806a

    Download Submit

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    28KB

    MD5

    51b7b930a53f974340fa538b8ada6110

    SHA1

    4a833bf514d65259383bc0078cecda24e0d36f8f

    SHA256

    a90728aa846bdfc746d57e5bf228dd8105c7efb3f76a1328bfd13d025cf17cb7

    SHA512

    9e89138dad362a76961f99fb7e7531580f78d5701aabe84625fce6d629b437cb1c4919759959cee8c7ebc18775a1b04515fd88b0186c87b2835be209b6d7d8b6

    Download Submit

  • memory/1052-64-0x0000000000400000-0x000000000046B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1052-62-0x0000000000400000-0x000000000046B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1392-54-0x0000000000400000-0x000000000046B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1392-56-0x0000000000400000-0x000000000046B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1392-55-0x0000000075601000-0x0000000075603000-memory.dmp

    Filesize

    8KB

    Download