Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5475464aa9...04.exe

windows7-x64

8

5475464aa9...04.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 13:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5475464aa90d9d46595806cf2c74d91761ccab72f9cc93547807cc0fd16dae04.exe

  • Size

    546KB

  • MD5

    440233151e7560ab080ccc8c679479a0

  • SHA1

    56ec190c9d235c450d7fa1533ad04c4dc08a6401

  • SHA256

    5475464aa90d9d46595806cf2c74d91761ccab72f9cc93547807cc0fd16dae04

  • SHA512

    daef3d729264484b32900ab7452daa3266248da5c0292895056593ecf819b7865fdba8accffa0571e6752e0e5498284f88753d0c365332e463607962f8d52101

  • SSDEEP

    12288:MDl+ph7q51xHKwscUSCir2GOe9mtHMfNGlZ6zrR8icDPwlEA/q:+l+phkxVRUSCiqGOe0tsfNo63Rje

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5475464aa90d9d46595806cf2c74d91761ccab72f9cc93547807cc0fd16dae04.exe
    "C:\Users\Admin\AppData\Local\Temp\5475464aa90d9d46595806cf2c74d91761ccab72f9cc93547807cc0fd16dae04.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1960
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {ABA13E8A-2F0F-49EC-8C27-8167C069E13F} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\PROGRA~3\Mozilla\nswitkh.exe
      C:\PROGRA~3\Mozilla\nswitkh.exe -vhgoixm
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1532

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    546KB

    MD5

    fe00dc8e2a375d8b707bf2c8503b57ee

    SHA1

    143fde26b7aeefcabc1940d70d846150914ffcbe

    SHA256

    88ffe1ac0a9ae2ab9460ea2a28049f977290b96c0ad29e854ad22d75a16b377b

    SHA512

    57a80c8754a69f01fa4363fdfc664d09b2f6c72af83d80bc0b0c8ba06e14ef7b1d818bf30c6c5c5aad483ba72b4b771de35b909573a686c827bc04da702fc6e7

    Download Submit

  • C:\PROGRA~3\Mozilla\nswitkh.exe
    Filesize

    546KB

    MD5

    fe00dc8e2a375d8b707bf2c8503b57ee

    SHA1

    143fde26b7aeefcabc1940d70d846150914ffcbe

    SHA256

    88ffe1ac0a9ae2ab9460ea2a28049f977290b96c0ad29e854ad22d75a16b377b

    SHA512

    57a80c8754a69f01fa4363fdfc664d09b2f6c72af83d80bc0b0c8ba06e14ef7b1d818bf30c6c5c5aad483ba72b4b771de35b909573a686c827bc04da702fc6e7

    Download Submit

  • memory/1960-54-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download

  • memory/1960-55-0x00000000751A1000-0x00000000751A3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1960-56-0x0000000000400000-0x000000000045D000-memory.dmp

    Filesize

    372KB

    Download