Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

658b8c658d...e8.exe

windows7-x64

8

658b8c658d...e8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    59s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    658b8c658ddd89cf33c381bb6568d034dcdbb4e4362292fdd8319503fd4f8fe8.exe

  • Size

    237KB

  • MD5

    3167332b3f865c3dfe7102c12bf7626f

  • SHA1

    2d70835e267a551c4079faa4a0d4033a4c46ad92

  • SHA256

    658b8c658ddd89cf33c381bb6568d034dcdbb4e4362292fdd8319503fd4f8fe8

  • SHA512

    fb4bce838d826e0e871661e350022075c48399185e355a974f8c9a7a0405cdf94b9b104032a337e8f83ebac4dd6764036f1cded61f2c5fe51b9828c8c4f875f8

  • SSDEEP

    3072:JaZActViGCunMhuX01ln8vzo+C4EozGUp12ZbrImlKR6e2zAb:JaacfiGCuX01l8vzCoTpMZZe2zw

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\658b8c658ddd89cf33c381bb6568d034dcdbb4e4362292fdd8319503fd4f8fe8.exe
    "C:\Users\Admin\AppData\Local\Temp\658b8c658ddd89cf33c381bb6568d034dcdbb4e4362292fdd8319503fd4f8fe8.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:1464
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {437C3836-1C6C-41A2-9274-AB0DB41FF0A0} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\PROGRA~3\Mozilla\jjruejn.exe
      C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:1532

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    237KB

    MD5

    c45bf474c6e9179a579bdedc1807d9c0

    SHA1

    8bf26084c777750ce024f17ce8068792bfcfd81a

    SHA256

    0ec701fc20d83caac119d9872395cc66c62fbc70287933e90abd2cb268e19b83

    SHA512

    0ae23d7679285f40ea9e436dd543c48fd2b69d41cf9fdf17d813ee18f50c02bedbeb86da82e9e3f2a9cf23ae2a9fc4d736d001104cc55b730a64ab9017dae09f

    Download Submit

  • C:\PROGRA~3\Mozilla\jjruejn.exe
    Filesize

    237KB

    MD5

    c45bf474c6e9179a579bdedc1807d9c0

    SHA1

    8bf26084c777750ce024f17ce8068792bfcfd81a

    SHA256

    0ec701fc20d83caac119d9872395cc66c62fbc70287933e90abd2cb268e19b83

    SHA512

    0ae23d7679285f40ea9e436dd543c48fd2b69d41cf9fdf17d813ee18f50c02bedbeb86da82e9e3f2a9cf23ae2a9fc4d736d001104cc55b730a64ab9017dae09f

    Download Submit

  • memory/1464-54-0x00000000758B1000-0x00000000758B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1464-55-0x0000000000330000-0x000000000038B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1464-56-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1464-57-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1532-62-0x0000000000460000-0x00000000004BB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1532-63-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1532-64-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download