Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
2s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
03/12/2022, 00:16
General
-
Target
9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe
-
Size
62KB
-
MD5
0a797adc3f086673bfceb8254c3912d4
-
SHA1
0d3a2367d5625f30ac6deca128c339b6b5903776
-
SHA256
9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a
-
SHA512
7378ff873274e4bc1ad5032ecc30f9743e0266bac95c956b938195bc8d67ee8afe628f4f8d7874bb397e885933ade81b00846e899bf272d31ba3334ee185d8ea
-
SSDEEP
1536:bpg6nW9+kdTx87Iwterf9KZezMv5oITjhyb5lZT:bpg6W5kRMf9BY5ooS
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Modifies WinLogon 2 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Control Panel 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 23 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe"C:\Users\Admin\AppData\Local\Temp\9bf2f997ca1077d7820d7e7d53622f694f45fd19ee934fb91fc772221e12eb4a.exe"1⤵
- Checks computer location settings
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exeC:\Windows\explorer.exe2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
1.1MB
-
Filesize
8KB
-
Filesize
72KB