Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 101s
max time network: 31s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 29/11/2022, 09:17
Static task: static1
Behavioral task: behavioral1
  Sample: 4ac4e9138a81bf30b9d3d349087f4cdf41ed317b920394754b6731fbbe731efd.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 4ac4e9138a81bf30b9d3d349087f4cdf41ed317b920394754b6731fbbe731efd.exe
  Resource: win10v2004-20220812-en
General
Target: 4ac4e9138a81bf30b9d3d349087f4cdf41ed317b920394754b6731fbbe731efd.exe
Size: 141KB
MD5: 0db525a1cfe94ece29e8e1bede9a0c90
SHA1: f1ec85a5dad13180403848e8db7bc006b57465b4
SHA256: 4ac4e9138a81bf30b9d3d349087f4cdf41ed317b920394754b6731fbbe731efd
SHA512: 2f22481cc2098104fb41e239c84d5d737ea2c83337ea0687c7d7b98bf461c6852e0a62e0ff9c1f32a4088c1610ccd8602037c9b928f6979f81bfdb4e81427870
SSDEEP: 3072:ixHEI6rvvMV0nE17B+TnFnvcwHdtTQ3lNvuCLeEPbUXHrx0:ixkHMV0nE1l+LtvcwHbo/aSUXLx0
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  PID 380: jydekdj.exe
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in Program Files directory (2 IoCs)
  File created: C:\PROGRA~3\Mozilla\jydekdj.exe  (by 4ac4e9138a81bf30b9d3d349087f4cdf41ed317b920394754b6731fbbe731efd.exe)
  File created: C:\PROGRA~3\Mozilla\xdldjol.dll  (by jydekdj.exe)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 864 (taskeng.exe) wrote to memory of PID 380 (procid_target 29); the same event is reported four times
Processes
- C:\Users\Admin\AppData\Local\Temp\4ac4e9138a81bf30b9d3d349087f4cdf41ed317b920394754b6731fbbe731efd.exe  (PID 2024)
  command line: "C:\Users\Admin\AppData\Local\Temp\4ac4e9138a81bf30b9d3d349087f4cdf41ed317b920394754b6731fbbe731efd.exe"
  - Drops file in Program Files directory
- C:\Windows\system32\taskeng.exe  (PID 864)
  command line: taskeng.exe {09C16B13-35C8-49F4-A943-4CC7FE4B969C} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\jydekdj.exe  (PID 380, child of taskeng.exe)
    command line: C:\PROGRA~3\Mozilla\jydekdj.exe -vamlaul
    - Executes dropped EXE
    - Drops file in Program Files directory
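The process tree and IoCs above describe a persistence chain worth turning into hunting logic: the sample drops jydekdj.exe under C:\PROGRA~3\Mozilla, the Windows 7 Task Scheduler engine (taskeng.exe, running as S-1-5-18, i.e. SYSTEM) later starts that file with the argument -vamlaul, the child writes xdldjol.dll beside itself, and the "Modifies AppInit DLL entries" signature fires. The Python below is an added example, not part of the tria.ge report or of the sample: it encodes those observations as rules and runs them over constructed Sysmon-style events (EventID 1 process create, 11 file create, 13 registry value set) modelled on the report. The following are assumptions the page does not state: that C:\PROGRA~3 is the 8.3 short name for C:\ProgramData (the sandbox's "Program Files directory" tag is keyed on the PROGRA~ prefix), that the AppInit change targets the standard HKLM\...\Windows NT\CurrentVersion\Windows\AppInit_DLLs value, the parent process of the original sample, and the benign defrag.exe task used as a negative case. The taskeng rule is slightly more general than the report's single instance: it flags any executable started by taskeng.exe from anywhere under ProgramData.

```python
"""Hunting rules derived from this report's process tree and file IoCs.

Added example, not tria.ge code. The events at the bottom are constructed
Sysmon-style records (EventID 1 = process create, 11 = file create,
13 = registry value set) modelled on the report."""
import re

# SHA256 values copied from the report (General and Downloads sections).
KNOWN_SHA256 = {
    "4ac4e9138a81bf30b9d3d349087f4cdf41ed317b920394754b6731fbbe731efd": "submitted sample",
    "65ec59a82812010c076129df67e7212811488f63cf119caeacfffd431dc83b91": "file extracted by the sandbox",
}

# Assumption: C:\PROGRA~3 is the 8.3 short name of C:\ProgramData on the
# sandbox image. The report never resolves it, so both spellings are matched.
PROGRAMDATA = re.compile(r"^c:\\(programdata|progra~3)\\", re.I)
PROGRAMDATA_MOZILLA = re.compile(r"^c:\\(programdata|progra~3)\\mozilla\\", re.I)
# Assumption: the "Modifies AppInit DLL entries" signature refers to the
# standard AppInit_DLLs value (the Wow6432Node copy matches as well).
APPINIT_DLLS = re.compile(r"\\windows nt\\currentversion\\windows\\appinit_dlls$", re.I)


def basename(path):
    """Lower-cased final path component, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def sha256_of(ev):
    """Extract the SHA256 from a Sysmon 'Hashes' field ('MD5=..,SHA256=..')."""
    for part in ev.get("Hashes", "").split(","):
        if part.upper().startswith("SHA256="):
            return part.split("=", 1)[1].lower()
    return None


def check_event(ev):
    """Return the names of the rules an event triggers (empty for benign)."""
    hits = []
    eid = ev["EventID"]
    if eid == 1:  # process creation
        image = ev.get("Image", "")
        if PROGRAMDATA_MOZILLA.match(image):
            hits.append("exec_from_programdata_mozilla")
        # Task Scheduler engine starting a PE from a user-writable root is the
        # persistence shape in the report (taskeng.exe -> jydekdj.exe -vamlaul).
        if basename(ev.get("ParentImage", "")) == "taskeng.exe" and PROGRAMDATA.match(image):
            hits.append("taskeng_launches_programdata_pe")
    elif eid == 11:  # file creation
        target = ev.get("TargetFilename", "")
        if PROGRAMDATA_MOZILLA.match(target) and basename(target).endswith((".exe", ".dll")):
            hits.append("pe_dropped_in_programdata_mozilla")
    elif eid == 13:  # registry value set
        if APPINIT_DLLS.search(ev.get("TargetObject", "")):
            hits.append("appinit_dlls_modified")
    digest = sha256_of(ev)
    if digest in KNOWN_SHA256:
        hits.append("known_hash:" + KNOWN_SHA256[digest])
    return hits


def hunt(events):
    """Run every rule over a list of events; return (index, hits) for matches."""
    results = []
    for i, ev in enumerate(events):
        hits = check_event(ev)
        if hits:
            results.append((i, hits))
    return results


SAMPLE = "4ac4e9138a81bf30b9d3d349087f4cdf41ed317b920394754b6731fbbe731efd.exe"
DROP_DIR = "C:\\PROGRA~3\\Mozilla\\"

# Constructed events modelled on the report's process tree. The parent of the
# original sample and the benign defrag task (last event) are assumptions.
EVENTS = [
    {"EventID": 1, "ProcessId": 2024, "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE,
     "ParentImage": "C:\\Windows\\explorer.exe",
     "Hashes": "SHA256=4AC4E9138A81BF30B9D3D349087F4CDF41ED317B920394754B6731FBBE731EFD"},
    {"EventID": 11, "ProcessId": 2024, "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE,
     "TargetFilename": DROP_DIR + "jydekdj.exe"},
    {"EventID": 13, "ProcessId": 2024,
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs"},
    {"EventID": 1, "ProcessId": 380, "Image": DROP_DIR + "jydekdj.exe",
     "CommandLine": DROP_DIR + "jydekdj.exe -vamlaul", "User": "NT AUTHORITY\\SYSTEM",
     "ParentProcessId": 864, "ParentImage": "C:\\Windows\\system32\\taskeng.exe"},
    {"EventID": 11, "ProcessId": 380, "Image": DROP_DIR + "jydekdj.exe",
     "TargetFilename": DROP_DIR + "xdldjol.dll"},
    {"EventID": 1, "ProcessId": 1500, "Image": "C:\\Windows\\System32\\defrag.exe",
     "ParentImage": "C:\\Windows\\system32\\taskeng.exe"},  # benign scheduled task
]

if __name__ == "__main__":
    for index, hits in hunt(EVENTS):
        print(index, EVENTS[index].get("Image", EVENTS[index].get("TargetObject")), hits)
```

The ProgramData\Mozilla rules are narrow on purpose: legitimate Mozilla products keep their executables under Program Files, so a new .exe or .dll under ProgramData\Mozilla, or a process running from there, is a strong signal on its own. The taskeng rule is broader and should be tuned against the scheduled tasks known to exist on the fleet; the final, benign event shows a normal task launch producing no hit. Hash matching is included only as a confirmation step, since a rebuilt sample or a different drop name defeats it while the behavioural rules still fire.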
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 141KB
  MD5: ca249227714989c2e6432bc22a013fd3
  SHA1: 3589328db1433761403d1acfbebdd7b48985eb5f
  SHA256: 65ec59a82812010c076129df67e7212811488f63cf119caeacfffd431dc83b91
  SHA512: 59f57d822b3eb4a184088b9ef4b4ad3cfaf97c85dacd6af914342f0340236a6f19eac5af9772374dc434822c115f7dc00919836c3abfa9193e5cf1d9b9875aed
- Filesize: 141KB
  MD5: ca249227714989c2e6432bc22a013fd3
  SHA1: 3589328db1433761403d1acfbebdd7b48985eb5f
  SHA256: 65ec59a82812010c076129df67e7212811488f63cf119caeacfffd431dc83b91
  SHA512: 59f57d822b3eb4a184088b9ef4b4ad3cfaf97c85dacd6af914342f0340236a6f19eac5af9772374dc434822c115f7dc00919836c3abfa9193e5cf1d9b9875aed