Analysis
- max time kernel: 90s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 01/12/2022, 06:05
Static task
- static1

Behavioral task
- behavioral1
  Sample: 2a5c41fdf30d170d018f746e1e72bb1c4adb6528c7efc3a880ee5e63788acd58.exe
  Resource: win7-20221111-en

Behavioral task
- behavioral2
  Sample: 2a5c41fdf30d170d018f746e1e72bb1c4adb6528c7efc3a880ee5e63788acd58.exe
  Resource: win10v2004-20220812-en
General
- Target: 2a5c41fdf30d170d018f746e1e72bb1c4adb6528c7efc3a880ee5e63788acd58.exe
- Size: 646KB
- MD5: 27c41ef3a6904594f4e143a43eb12220
- SHA1: 4a985397d5b93550640f55215d8c802a5740e393
- SHA256: 2a5c41fdf30d170d018f746e1e72bb1c4adb6528c7efc3a880ee5e63788acd58
- SHA512: 3edc6cfb87a023e1cb034c394ea3cec7d01a02bcce53826dc6ec801b5d10561fd1e7e4f15d667f27a8822dbc3c60b6c49618c788744908903800f96f3e0a8892
- SSDEEP: 12288:fnvoN4gKfKr/xJTgXfx+Q65gTY11IN8S/804mVpCLuXrTi/Fwc/O5z:fv24MrZJgXfwZCWSb7C0XiScG5z
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  300   suxbtjf.exe
- Modifies AppInit DLL entries (2 TTPs)
- Drops file in Program Files directory (2 IoCs)
  description    ioc                                Process
  File created   C:\PROGRA~3\Mozilla\suxbtjf.exe    2a5c41fdf30d170d018f746e1e72bb1c4adb6528c7efc3a880ee5e63788acd58.exe
  File created   C:\PROGRA~3\Mozilla\wkvogyf.dll    suxbtjf.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid    Process        procid_target
  PID 2044 wrote to memory of 300      2044   taskeng.exe    29
  PID 2044 wrote to memory of 300      2044   taskeng.exe    29
  PID 2044 wrote to memory of 300      2044   taskeng.exe    29
  PID 2044 wrote to memory of 300      2044   taskeng.exe    29
Processes
- C:\Users\Admin\AppData\Local\Temp\2a5c41fdf30d170d018f746e1e72bb1c4adb6528c7efc3a880ee5e63788acd58.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2a5c41fdf30d170d018f746e1e72bb1c4adb6528c7efc3a880ee5e63788acd58.exe"
  - Drops file in Program Files directory
  PID: 2040
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {58A38D4B-FA17-4400-AF96-682213B25FBD} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 2044
  - C:\PROGRA~3\Mozilla\suxbtjf.exe (child of taskeng.exe)
    Command line: C:\PROGRA~3\Mozilla\suxbtjf.exe -wukznwj
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID: 300
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 646KB
  MD5: d392810cdbbc11d7bcf81c20d86ca973
  SHA1: e77b911bf73b771d3840aa0ca782a4ffa510f8c5
  SHA256: d5635c0e455853c9352e7478e5eafb0ef246e8fcaf60ab820c3be82a1cfb715f
  SHA512: 08a00d0801d31ef00af925e97ffbb600e1b22dae0b67a0fe744d37483c5128e1bd5b0e754a6d1e810f7c9759ae4b8184433f61ce72bcb9b02585f1091d5ed685