Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 44s
- max time network: 50s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 28/11/2022, 00:17
Static task: static1
Behavioral task: behavioral1
- Sample: ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5.exe
- Resource: win10v2004-20220812-en
General
- Target: ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5.exe
- Size: 168KB
- MD5: 487bed241af2669d3f3ad40aa8d88fab
- SHA1: f456033768632a7776c1d26eb9e9c8a4399ad689
- SHA256: ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5
- SHA512: f7e3940411aa6f7f9796fb8c361efc82aac56eab8496c5b4fd7bbbb04ae65cc3299b859cfaeda7dbef5add9d503ff233087c45af69ee7e79520515ff21d48592
- SSDEEP: 3072:Wbg/Zb5PCiXYteEp/tJzRg5eoEHhxAlJyRGQCfeypNfzSeKkCc:vBdPDIFJ/zRVoE8lJyJC2yp4e9
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid | Process
  1476 | jjruejn.exe
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in Program Files directory (2 IoCs)
  description | ioc | Process
  File created | C:\PROGRA~3\Mozilla\jjruejn.exe | ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5.exe
  File created | C:\PROGRA~3\Mozilla\segfnra.dll | jjruejn.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 568 wrote to memory of 1476 | 568 | taskeng.exe | 28
  PID 568 wrote to memory of 1476 | 568 | taskeng.exe | 28
  PID 568 wrote to memory of 1476 | 568 | taskeng.exe | 28
  PID 568 wrote to memory of 1476 | 568 | taskeng.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ada423d848e5e724f24e918086d7802abf217328cb139dbe71a2d7229a9271c5.exe"
  - Drops file in Program Files directory
  PID: 1396
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {DE647017-4BD3-4A96-BC70-3DB7F9F23F8C} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 568
  - C:\PROGRA~3\Mozilla\jjruejn.exe (child process)
    Command line: C:\PROGRA~3\Mozilla\jjruejn.exe -npivonl
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID: 1476
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 168KB
  MD5: 50cdcf2b2d218718e88a860bb7277672
  SHA1: 9a613bfdb3b49d8acbfed398be7f549953a33299
  SHA256: 087c393a864fc934d1a7252b2d6a5102a28a79be2d42983c40c8a06740bb21d9
  SHA512: 4d090aa5d1e088ba665726897328ad9261e352bcaf738c812049891202e46126c9593bdeb53464e745484adfc13dbcde9d59017cf53f2d65d90c1fb3d75f7fc8