Analysis
- max time kernel: 42s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 29/11/2022, 09:14
Static task
- static1
Behavioral task
- behavioral1
  Sample: 4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20.exe
  Resource: win7-20220812-en
Behavioral task
- behavioral2
  Sample: 4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20.exe
  Resource: win10v2004-20220812-en
General
- Target: 4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20.exe
- Size: 541KB
- MD5: 00c60e1945d9584792f3691b82378bd0
- SHA1: 1a3c59f04840e88c8574156571fe9473d4d1e73f
- SHA256: 4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20
- SHA512: e501057cf6120aaeba933897c5208897e9b00b41f34e2c1e69ec75754daf6c8a7b2e83edc7d8c4c42b4cf2c095311f428ee63e99dde78a154fec333839e6d8cf
- SSDEEP: 12288:Iu3URWtsYf8PemjE8h0UxH9ND6fvhMrf1seW2/ag2nR:IkQe8PemjTh0Ul/8vh+qUAR
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 1384, Process: sgfgrig.exe
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in Program Files directory (2 IoCs)
  File created: C:\PROGRA~3\Mozilla\sgfgrig.exe, Process: 4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20.exe
  File created: C:\PROGRA~3\Mozilla\ogcwmgm.dll, Process: sgfgrig.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 696, Process: 4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20.exe
  pid 1384, Process: sgfgrig.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2012 wrote to memory of 1384, pid 2012, Process: taskeng.exe, procid_target 29
  description: PID 2012 wrote to memory of 1384, pid 2012, Process: taskeng.exe, procid_target 29
  description: PID 2012 wrote to memory of 1384, pid 2012, Process: taskeng.exe, procid_target 29
  description: PID 2012 wrote to memory of 1384, pid 2012, Process: taskeng.exe, procid_target 29
Processes
- C:\Users\Admin\AppData\Local\Temp\4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\4d8b266dd6838aefd4c9110c9371d747cb9c2fcc2338ef0f628e3c43630ede20.exe"
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID: 696
- C:\Windows\system32\taskeng.exe (depth 1)
  Command line: taskeng.exe {717B1D61-59AB-4D92-80B0-BFAC9F765D56} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 2012
  - C:\PROGRA~3\Mozilla\sgfgrig.exe (depth 2, child of taskeng.exe)
    Command line: C:\PROGRA~3\Mozilla\sgfgrig.exe -smuvcxh
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
    PID: 1384
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 541KB
  MD5: 6d2549d68fb8bb18691ab8c87f67b3c5
  SHA1: ca22875e8d0f47661566e7ace45f099f959107c5
  SHA256: e0df1abc23af2a4b6748845d599b760b71852bad5f04f881b6db4294e38a34fa
  SHA512: a2648dcbd79addea9b677b8d8faea726c57538ee676044d4d125ea5ad08af9e321797b10d48283a04800688cbc430e05bebc7cf02abc633818236540468ef577