Analysis
- max time kernel: 131s
- max time network: 176s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 29/11/2022, 13:58
Static task: static1
Behavioral task: behavioral1
- Sample: c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962.exe
- Resource: win10v2004-20221111-en
General
- Target: c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962.exe
- Size: 744KB
- MD5: 7d891a66209d06dcf587aa6592c8bc43
- SHA1: d8b9eb656dda63a50d60d8989735dd57b241ee6b
- SHA256: c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962
- SHA512: dca797c9e570de68d5c5205e501fdffdc9828b325eda92b28bd73be1837c777df8b52095ee13431c8b15c63b34ed4e6bd3c840712b51e40bd32887a916d934e1
- SSDEEP: 12288:q6ZkpNM56do+sLt9ZHPxlK+GE4vebIk6bQQ52LgRg08y5HpnizO:qnMWrsLt9BpkS4vGIk6v3HC
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  1312 | fgdddfg.exe
- Drops file in Windows directory (2 IoCs)
  description | ioc | Process
  File created | C:\Windows\fgdddfg.exe | c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962.exe
  File opened for modification | C:\Windows\fgdddfg.exe | c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 1780 | c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962.exe
  Token: SeDebugPrivilege | 1312 | fgdddfg.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid | Process
  1312 | fgdddfg.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 1312 wrote to memory of 1156 | 1312 | fgdddfg.exe | 29
  PID 1312 wrote to memory of 1156 | 1312 | fgdddfg.exe | 29
  PID 1312 wrote to memory of 1156 | 1312 | fgdddfg.exe | 29
  PID 1312 wrote to memory of 1156 | 1312 | fgdddfg.exe | 29
Processes
- C:\Users\Admin\AppData\Local\Temp\c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962.exe (PID 1780, depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962.exe"
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\fgdddfg.exe (PID 1312, depth 1)
  Command line: C:\Windows\fgdddfg.exe
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  - Child: C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID 1156, depth 2)
    Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
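Read together, the signatures and the process tree describe one chain: the sample (PID 1780) writes fgdddfg.exe into C:\Windows, that copy runs as PID 1312 with SeDebugPrivilege enabled, spawns IEXPLORE.EXE (PID 1156) as its child and then writes into that child's memory four times. Spawning a legitimate binary and immediately writing into it is the shape of process-hollowing-style injection, and it is worth checking for automatically rather than reading each signature in isolation. The Python below is an added example, not part of the tria.ge report or its tooling: it correlates behavioural events into exactly that drop, execute, inject chain. The event records are constructed by hand from this report; their dictionary layout (`type`, `pid`, `target`, ...) is an assumption of this script, not tria.ge's export format.

```python
"""Correlate sandbox behaviour events into a drop -> execute -> inject chain.

Added example. The PROCESSES and EVENTS records are constructed from the
report's Processes and Signatures sections; the record layout is assumed.
"""
from collections import Counter

SAMPLE = "c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962.exe"

# Constructed from the report's process tree: pid, parent pid (None = root), image path.
PROCESSES = [
    {"pid": 1780, "ppid": None, "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE},
    {"pid": 1312, "ppid": None, "image": "C:\\Windows\\fgdddfg.exe"},
    {"pid": 1156, "ppid": 1312, "image": "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"},
]

# Constructed from the report's Signatures section (four WriteProcessMemory IoCs).
EVENTS = [
    {"type": "file_created", "pid": 1780, "path": "C:\\Windows\\fgdddfg.exe"},
    {"type": "file_modified", "pid": 1780, "path": "C:\\Windows\\fgdddfg.exe"},
    {"type": "privilege", "pid": 1780, "name": "SeDebugPrivilege"},
    {"type": "privilege", "pid": 1312, "name": "SeDebugPrivilege"},
    {"type": "find_shell_tray_window", "pid": 1312},
] + [{"type": "write_process_memory", "pid": 1312, "target": 1156}] * 4


def dropped_executables(processes, events):
    """Files written by one process that later run as another process's image.
    Paths are compared case-insensitively because Windows paths are."""
    written = {}  # normalised path -> pid of the first process that wrote it
    for ev in events:
        if ev["type"] in ("file_created", "file_modified"):
            written.setdefault(ev["path"].lower(), ev["pid"])
    hits = []
    for p in processes:
        writer = written.get(p["image"].lower())
        if writer is not None and writer != p["pid"]:
            hits.append({"writer": writer, "executed_as": p["pid"], "path": p["image"]})
    return hits


def memory_writes(processes, events):
    """Group WriteProcessMemory events per (writer, target) and flag the
    spawn-and-inject case: the target is a child of the process writing into it."""
    by_pid = {p["pid"]: p for p in processes}
    counts = Counter((ev["pid"], ev["target"])
                     for ev in events if ev["type"] == "write_process_memory")
    out = []
    for (writer, target), n in sorted(counts.items()):
        tgt = by_pid.get(target, {})
        out.append({
            "writer": writer,
            "target": target,
            "target_image": tgt.get("image"),
            "writes": n,
            "target_is_child": tgt.get("ppid") == writer,
        })
    return out


def debug_privilege_holders(events):
    """PIDs that enabled SeDebugPrivilege (needed to open other users' processes)."""
    return sorted({ev["pid"] for ev in events
                   if ev["type"] == "privilege" and ev["name"] == "SeDebugPrivilege"})


def triage(processes, events):
    """Join the three checks: a dropped EXE whose process then writes into
    another process is reported as one chain, with the target image named."""
    drops = dropped_executables(processes, events)
    writes = memory_writes(processes, events)
    debug = debug_privilege_holders(events)
    chains = []
    for d in drops:
        for w in writes:
            if w["writer"] == d["executed_as"]:
                chains.append({
                    "dropper": d["writer"],
                    "dropped_exe": d["path"],
                    "dropped_pid": d["executed_as"],
                    "injects_into": w["target_image"],
                    "spawn_and_inject": w["target_is_child"],
                    "writes": w["writes"],
                    "dropped_has_debug_priv": d["executed_as"] in debug,
                })
    return {"drops": drops, "memory_writes": writes,
            "debug_privilege": debug, "chains": chains}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(PROCESSES, EVENTS), indent=2))
```

On this report the script reports one chain: PID 1780 drops C:\Windows\fgdddfg.exe, PID 1312 runs it with SeDebugPrivilege and performs four writes into its own child IEXPLORE.EXE. The same correlation applies to any report whose events can be mapped into these records; the child-of-writer test is what separates injecting into a freshly spawned host from writing into an unrelated, already running process, and a reviewer should treat both as worth a closer look.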
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 744KB
- MD5: 7d891a66209d06dcf587aa6592c8bc43
- SHA1: d8b9eb656dda63a50d60d8989735dd57b241ee6b
- SHA256: c199a75e7b602a140deaf95579235ed8a046b4fdff9c840958f4d61fde613962
- SHA512: dca797c9e570de68d5c5205e501fdffdc9828b325eda92b28bd73be1837c777df8b52095ee13431c8b15c63b34ed4e6bd3c840712b51e40bd32887a916d934e1