Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    254s
  • max time network
    336s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 14:39

General

  • Target

    fe19bdab9992471d86c858eaa3eaf7b3f9623030ffcf54b475594377ea575d1d.exe

  • Size

    482KB

  • MD5

    259316770627da55f2dc5c79eefaf5d2

  • SHA1

    41f9ac47683d119bd3807b684800531e0f3a1119

  • SHA256

    fe19bdab9992471d86c858eaa3eaf7b3f9623030ffcf54b475594377ea575d1d

  • SHA512

    d1e4639ef7ad282f7c111d3a783445fb685e2f553b0833b4d4502c9d8b5dfc8d585093804ea0df51a03b116d03021a5d8050baa839c7fed6360d417f242a8709

  • SSDEEP

    12288:yQDzWQSRnQ2QcKe86VovGiI/Z/UwWTRuqcMBazK:yICdecr8TI/ZTqcMBL

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Modifies registry class 40 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe19bdab9992471d86c858eaa3eaf7b3f9623030ffcf54b475594377ea575d1d.exe
    "C:\Users\Admin\AppData\Local\Temp\fe19bdab9992471d86c858eaa3eaf7b3f9623030ffcf54b475594377ea575d1d.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1632

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1632-54-0x00000000757C1000-0x00000000757C3000-memory.dmp

    Filesize

    8KB

  • memory/1632-55-0x0000000000400000-0x0000000000604000-memory.dmp

    Filesize

    2.0MB

  • memory/1632-56-0x0000000000400000-0x0000000000604000-memory.dmp

    Filesize

    2.0MB

  • memory/1632-57-0x0000000000400000-0x0000000000604000-memory.dmp

    Filesize

    2.0MB