Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

9def4f976c...f6.exe

windows7-x64

8

9def4f976c...f6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    34s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9def4f976c794c38e081dc628678f56a0c77743e721eadbbe10428cd0620d6f6.exe

  • Size

    288KB

  • MD5

    824af79c50432e0d45059c8e9b66e410

  • SHA1

    9971a9fbfe1ba94daaccb49a6be58960ed8a53f8

  • SHA256

    9def4f976c794c38e081dc628678f56a0c77743e721eadbbe10428cd0620d6f6

  • SHA512

    1d46274227859184edfddf97e2e2df6d063b87607f0320ec75599f37119e6b5b9007d1bcfda2b45142269cbf72c8f1805885813cf66213062549ec0e29458044

  • SSDEEP

    6144:E5+YVdttGOVfE3dhS0TF+3CTj1PCmjxypE4w330mhv9kKrepex09O:EjnttTVfShSUF+Ejp1yi30y+KqA09O

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9def4f976c794c38e081dc628678f56a0c77743e721eadbbe10428cd0620d6f6.exe
    "C:\Users\Admin\AppData\Local\Temp\9def4f976c794c38e081dc628678f56a0c77743e721eadbbe10428cd0620d6f6.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1612
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {72B8A792-96E3-4F2A-A712-F716EC16ACBD} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\PROGRA~3\Mozilla\jwufxge.exe
      C:\PROGRA~3\Mozilla\jwufxge.exe -kqepohf
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1288

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jwufxge.exe
    Filesize

    288KB

    MD5

    6154de313816dc096c0a7d9ec75b8486

    SHA1

    8db981948fa72422b3931b87d6a7f751181c8192

    SHA256

    811f947c14c2267c8c475c1f3a98381d2f3e66521b9cf218a6c9403c1eea406b

    SHA512

    99bef282962fe32446922efb13244b5a6339ac0da5be75ce53b231987585a8572db4e6bb486bcbb1d1c68ff7de0e2ba0a3cea97b52090611d407f38c6171bef5

    Download Submit

  • C:\PROGRA~3\Mozilla\jwufxge.exe
    Filesize

    288KB

    MD5

    6154de313816dc096c0a7d9ec75b8486

    SHA1

    8db981948fa72422b3931b87d6a7f751181c8192

    SHA256

    811f947c14c2267c8c475c1f3a98381d2f3e66521b9cf218a6c9403c1eea406b

    SHA512

    99bef282962fe32446922efb13244b5a6339ac0da5be75ce53b231987585a8572db4e6bb486bcbb1d1c68ff7de0e2ba0a3cea97b52090611d407f38c6171bef5

    Download Submit

  • memory/1288-64-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1288-69-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1288-70-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1612-54-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1612-55-0x0000000076681000-0x0000000076683000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1612-56-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1612-59-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1612-60-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

    Download