Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel
51s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags
arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted
29/11/2022, 10:58
Static task
static1
Behavioral task
behavioral1
Sample
0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe
Resource
win10v2004-20221111-en
General
Target
0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe
Size
346KB
MD5
334830bdb011a8db817049f60da23050
SHA1
37f65866f351aff36f83c1809dcb21ce0a92b2fc
SHA256
0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59
SHA512
34f5d02903508c86951440ed933d8eee9442344aa966b01f128e8a8059dedc60098bf1ccc3927d8cb5388ff8e3967eb80be1ff3da1cf2d93915e9d09b2858a4c
SSDEEP
6144:mtlAjZhXij63XlSsrNtFGh1L7o3SbGqJcVTqV3:RZh463XEsxtFGT7o3Swu
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid | Process
520 | jydekdj.exe
Modifies AppInit DLL entries (2 TTPs)
Drops file in Program Files directory (2 IoCs)
description | ioc | Process
File created | C:\PROGRA~3\Mozilla\jydekdj.exe | 0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe
File created | C:\PROGRA~3\Mozilla\xdldjol.dll | jydekdj.exe
Suspicious use of UnmapMainImage (2 IoCs)
pid | Process
536 | 0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe
520 | jydekdj.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1292 wrote to memory of 520 | 1292 | taskeng.exe | 29
(the same row is recorded four times)
Processes
C:\Users\Admin\AppData\Local\Temp\0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe (PID 536)
  command line: "C:\Users\Admin\AppData\Local\Temp\0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe"
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
C:\Windows\system32\taskeng.exe (PID 1292)
  command line: taskeng.exe {5BE8202E-442C-40AF-ACD6-67B56656E0A6} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  C:\PROGRA~3\Mozilla\jydekdj.exe (PID 520, spawned under taskeng.exe)
    command line: C:\PROGRA~3\Mozilla\jydekdj.exe -vamlaul
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
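The signatures and process tree above only make sense together: the original sample (PID 536) drops jydekdj.exe, the Task Scheduler host taskeng.exe (PID 1292) later starts that dropped file (PID 520, the WriteProcessMemory hits are the scheduler setting up its child), and the child drops a DLL next to itself. The script below is an added example, not part of the tria.ge report or of the sample: it replays event records constructed by hand from the sections above and correlates them into that chain, so the same logic can be run over a real EDR export once mapped onto the Event schema (the schema, the rule names and the norm() helper are this example's own). One caveat it encodes as an assumption: Triage labels the drop as "Program Files", but on a default x64 install C:\PROGRA~3 is the 8.3 short name of C:\ProgramData (PROGRA~1 and PROGRA~2 being the two Program Files directories); real short names depend on creation order, so confirm with `dir /x` on the host.

```python
"""Correlate the Signatures and Processes events above into one
dropper-to-persistence chain.

Added example (not from the tria.ge report or the sample). EVENTS is
constructed by hand from the report; the Event schema, rule names and
norm() helper are this example's own, not Triage's export format.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

SAMPLE = "0b34a4b76659650edbbf053adaf59d9e53e9de3e246071cb9a4496bfc98acd59.exe"

# Processes that start scheduled tasks. taskeng.exe is what the report shows
# on Windows 7; on Windows 10 the Schedule service runs inside svchost.exe.
TASK_HOSTS = {"taskeng.exe", "svchost.exe"}

# Assumption: PROGRA~3 is the 8.3 short name of C:\ProgramData on a default
# x64 install. Short names depend on directory creation order, so verify
# with `dir /x` before relying on this mapping for a real host.
SHORT_NAMES = {"c:\\progra~3\\": "c:\\programdata\\"}


@dataclass
class Event:
    kind: str                          # "process" | "file_create" | "write_process_memory"
    pid: int                           # acting process
    image: str                         # image name of the acting process
    path: str = ""                     # process: image path; file_create: created file
    cmdline: str = ""
    ppid: Optional[int] = None         # process: parent pid
    target_pid: Optional[int] = None   # write_process_memory: pid written into


def norm(path: str) -> str:
    """Lower-case a path and expand the short-name prefixes we know about."""
    p = path.lower()
    for short, long in SHORT_NAMES.items():
        if p.startswith(short):
            p = long + p[len(short):]
    return p


# Constructed from the report: the two file drops, the scheduler host and its child.
EVENTS = [
    Event("process", 536, SAMPLE, path=f"C:\\Users\\Admin\\AppData\\Local\\Temp\\{SAMPLE}"),
    Event("file_create", 536, SAMPLE, path="C:\\PROGRA~3\\Mozilla\\jydekdj.exe"),
    Event("process", 1292, "taskeng.exe", path="C:\\Windows\\system32\\taskeng.exe",
          cmdline="taskeng.exe {5BE8202E-442C-40AF-ACD6-67B56656E0A6} S-1-5-18:NT AUTHORITY\\System:Service:"),
    Event("process", 520, "jydekdj.exe", path="C:\\PROGRA~3\\Mozilla\\jydekdj.exe",
          cmdline="C:\\PROGRA~3\\Mozilla\\jydekdj.exe -vamlaul", ppid=1292),
    Event("write_process_memory", 1292, "taskeng.exe", target_pid=520),
    Event("file_create", 520, "jydekdj.exe", path="C:\\PROGRA~3\\Mozilla\\xdldjol.dll"),
]


def correlate(events: list[Event]) -> list[tuple[str, str]]:
    """Return (rule, detail) findings. A process whose image an earlier event in
    the same trace created is a 'dropped EXE'; a task host spawning it is the
    persistence signal, and memory writes into it are attributed to that spawn."""
    procs = {e.pid: e for e in events if e.kind == "process"}
    dropped: dict[str, int] = {}      # normalized path -> creator pid
    findings: list[tuple[str, str]] = []
    for e in events:
        if e.kind == "file_create":
            p = norm(e.path)
            dropped[p] = e.pid
            if p.startswith("c:\\programdata\\") and p.endswith((".exe", ".dll")):
                findings.append(("drops_in_programdata", f"{e.image} (pid {e.pid}) created {e.path}"))
        elif e.kind == "process" and norm(e.path) in dropped:
            findings.append(("executes_dropped_exe",
                             f"pid {e.pid} runs {e.path}, dropped by pid {dropped[norm(e.path)]}"))
            parent = procs.get(e.ppid)
            if parent is not None and parent.image.lower() in TASK_HOSTS:
                findings.append(("task_host_spawns_dropped_exe",
                                 f"{parent.image} (pid {parent.pid}) started pid {e.pid}: {e.cmdline}"))
        elif e.kind == "write_process_memory":
            target = procs.get(e.target_pid)
            if target is not None and norm(target.path) in dropped:
                findings.append(("writes_memory_of_dropped_exe",
                                 f"{e.image} (pid {e.pid}) wrote into pid {target.pid} ({target.image})"))
    return findings


def verdict(events: list[Event]) -> str:
    """Collapse the findings into the one-line call an analyst wants first."""
    rules = {r for r, _ in correlate(events)}
    if {"executes_dropped_exe", "task_host_spawns_dropped_exe"} <= rules:
        return "dropper with scheduled-task persistence"
    if "executes_dropped_exe" in rules:
        return "dropper"
    return "no dropper chain"


if __name__ == "__main__":
    for rule, detail in correlate(EVENTS):
        print(f"{rule:32} {detail}")
    print(verdict(EVENTS))
```

Run against the constructed trace it reports two ProgramData drops, the execution of the dropped jydekdj.exe, its spawn by taskeng.exe, and the scheduler's memory write into it, and calls the sample a dropper with scheduled-task persistence. A plain trace with no file-create-then-execute pair produces no findings at all, which is the property that keeps this rule quiet on ordinary installers and updaters.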
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize
346KB
MD5
8fa4145b685bfb3c54c798010206be3c
SHA1
d13bae71b4d1ecc6687999e66a1db09dfa05a1a7
SHA256
4aaa8955c71ba3872f2308a18cfede7cd95dfc75903d5b66ea456b3613a8f0f8
SHA512
c0fdb0800c3a8e24c7a9f72d6467315b86dba28cc5fd914a89dde5c3a14f16708c0f8dd2f7cf5a13ef345e95d3e0addb0d77437fc5698099458d58403237e2f5