Analysis
max time kernel: 51s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 06/11/2022, 09:46
Static task: static1
Behavioral task: behavioral1
  Sample: 0a72173cf92c17b03cc650450650498096866a664750526b093feb3a0adfc7ad.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 0a72173cf92c17b03cc650450650498096866a664750526b093feb3a0adfc7ad.exe
  Resource: win10v2004-20220812-en
General
Target: 0a72173cf92c17b03cc650450650498096866a664750526b093feb3a0adfc7ad.exe
Size: 144KB
MD5: 20b1c5bcbb9598d68d778a4c5eddd620
SHA1: ad03934c5eeda11e93de5ba299c8322f4e44c885
SHA256: 0a72173cf92c17b03cc650450650498096866a664750526b093feb3a0adfc7ad
SHA512: a473607f68a908b8174b214417a7026c02564de8b6f12979a044744c6c00a4cf58319d4a4d759c6de53ff830f46585828e6636dc8becfccf8f7a9f9bd6099e74
SSDEEP: 3072:MHuG6Xkuwh2ntk2LzSV0aKs+cEBbcJYixDbNSxYi4XIpXuoNw:MOGGS2ntkY1Ac4Dbf4pXuoK
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  1772  sgfgrig.exe
Modifies AppInit DLL entries (2 TTPs)
Drops file in Program Files directory (2 IoCs)
  description   ioc                               Process
  File created  C:\PROGRA~3\Mozilla\sgfgrig.exe   0a72173cf92c17b03cc650450650498096866a664750526b093feb3a0adfc7ad.exe
  File created  C:\PROGRA~3\Mozilla\ogcwmgm.dll   sgfgrig.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process      procid_target
  PID 1752 wrote to memory of 1772  1752  taskeng.exe  29
  PID 1752 wrote to memory of 1772  1752  taskeng.exe  29
  PID 1752 wrote to memory of 1772  1752  taskeng.exe  29
  PID 1752 wrote to memory of 1772  1752  taskeng.exe  29
Processes
C:\Users\Admin\AppData\Local\Temp\0a72173cf92c17b03cc650450650498096866a664750526b093feb3a0adfc7ad.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0a72173cf92c17b03cc650450650498096866a664750526b093feb3a0adfc7ad.exe"
  Signatures: Drops file in Program Files directory
  PID: 1832
C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {54A40627-259C-4223-BB8B-3E5093BFE48B} S-1-5-18:NT AUTHORITY\System:Service:
  Signatures: Suspicious use of WriteProcessMemory
  PID: 1752
  C:\PROGRA~3\Mozilla\sgfgrig.exe
    Command line: C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
    Signatures: Executes dropped EXE; Drops file in Program Files directory
    PID: 1772
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 144KB
MD5: 95ff31c1b09bfbb6e9dda9469523efe2
SHA1: 06245e7ace3e219a1af7a93797ea425d1f413e82
SHA256: 817f03b4b5761c5c62e45833c1861095ffbbda09001a80ae7053bac8929e661a
SHA512: 4638b21b717e367644ea27aff3ebbd2941fd16b9ebd4b3afc0f644051ac850b71327a7f63605f07d0f919e14a9c48f9ef98d10c1a676c35d6aa9204238449d7d