Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

167b31ddda...53.exe

windows7-x64

8

167b31ddda...53.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 13:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953.exe

  • Size

    364KB

  • MD5

    a37652739e7f8b041381c90afaad3790

  • SHA1

    d288653963af2551fbe6c32a638425712a44564e

  • SHA256

    167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953

  • SHA512

    1d95bc9790a055264438dcce50ab5d2e3802112fcfec42fa8494ae63ef925e920c2d032affdb8b32d43910a9fc9e8c9b04913bdca52f165b5e39c5b90079d72e

  • SSDEEP

    3072:J/IXvD2enVN5UkLVZq5Bi23zKLOJLxHLcSrMXnmujpkxvU84xUa4bjRTItEcmHp:J/IfD2ApVZYiROJtLlMXtpeqJ2jydmHp

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953.exe
    "C:\Users\Admin\AppData\Local\Temp\167b31dddaad4a2424c6067cbaeccd53a9f7b83b4097f548cf1f3eb5ff102953.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:1440
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {C49B57A0-D796-4B2D-B605-D70B73A63200} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\PROGRA~3\Mozilla\sgfgrig.exe
      C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:612

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\sgfgrig.exe
    Filesize

    364KB

    MD5

    e238d1cd2b2fddd56eaf21606311bfed

    SHA1

    b4809dc1c70d0f3bd43fa42a86821bd5da699f9a

    SHA256

    674984d4f2cd0846959993b3729451c134c898802556277c4cc8b76f28fc68c1

    SHA512

    2fa29c4465a391487de23285f3a1eeffba6510c6147f4be87ad5590a17b6a5fa9a596bffa02d522c1780aed93a5b6815030d60a6532830b392b46876316a09a9

    Download Submit

  • C:\PROGRA~3\Mozilla\sgfgrig.exe
    Filesize

    364KB

    MD5

    e238d1cd2b2fddd56eaf21606311bfed

    SHA1

    b4809dc1c70d0f3bd43fa42a86821bd5da699f9a

    SHA256

    674984d4f2cd0846959993b3729451c134c898802556277c4cc8b76f28fc68c1

    SHA512

    2fa29c4465a391487de23285f3a1eeffba6510c6147f4be87ad5590a17b6a5fa9a596bffa02d522c1780aed93a5b6815030d60a6532830b392b46876316a09a9

    Download Submit

  • memory/612-62-0x00000000004D0000-0x000000000052B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/612-63-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/612-64-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1440-54-0x0000000076181000-0x0000000076183000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1440-55-0x0000000000260000-0x00000000002BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1440-56-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1440-57-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download