Analysis
- max time kernel: 44s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 30/10/2022, 13:29
Static task: static1
Behavioral task: behavioral1
- Sample: 167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953.exe
- Resource: win10v2004-20220812-en
General
- Target: 167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953.exe
- Size: 364KB
- MD5: a37652739e7f8b041381c90afaad3790
- SHA1: d288653963af2551fbe6c32a638425712a44564e
- SHA256: 167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953
- SHA512: 1d95bc9790a055264438dcce50ab5d2e3802112fcfec42fa8494ae63ef925e920c2d032affdb8b32d43910a9fc9e8c9b04913bdca52f165b5e39c5b90079d72e
- SSDEEP: 3072:J/IXvD2enVN5UkLVZq5Bi23zKLOJLxHLcSrMXnmujpkxvU84xUa4bjRTItEcmHp:J/IfD2ApVZYiROJtLlMXtpeqJ2jydmHp
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid   Process
  612   sgfgrig.exe
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in Program Files directory (2 IoCs)
  description   ioc                              Process
  File created  C:\PROGRA~3\Mozilla\sgfgrig.exe  167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953.exe
  File created  C:\PROGRA~3\Mozilla\ogcwmgm.dll  sgfgrig.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid    Process
  1440   167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953.exe
  612    sgfgrig.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                      pid    Process      procid_target
  PID 2008 wrote to memory of 612  2008   taskeng.exe  29
  PID 2008 wrote to memory of 612  2008   taskeng.exe  29
  PID 2008 wrote to memory of 612  2008   taskeng.exe  29
  PID 2008 wrote to memory of 612  2008   taskeng.exe  29
Processes
- C:\Users\Admin\AppData\Local\Temp\167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953.exe"
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID: 1440
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {C49B57A0-D796-4B2D-B605-D70B73A63200} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 2008
  - C:\PROGRA~3\Mozilla\sgfgrig.exe (child of PID 2008)
    Command line: C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
    PID: 612
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 364KB
  MD5: e238d1cd2b2fddd56eaf21606311bfed
  SHA1: b4809dc1c70d0f3bd43fa42a86821bd5da699f9a
  SHA256: 674984d4f2cd0846959993b3729451c134c898802556277c4cc8b76f28fc68c1
  SHA512: 2fa29c4465a391487de23285f3a1eeffba6510c6147f4be87ad5590a17b6a5fa9a596bffa02d522c1780aed93a5b6815030d60a6532830b392b46876316a09a9