Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 03/12/2022, 08:11
Static task
static1
Behavioral task
behavioral1
Sample
8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe
Resource
win10v2004-20221111-en
General
- Target: 8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe
- Size: 1.0MB
- MD5: 7956afbc70489d6354500ca4974f6dd0
- SHA1: 188c3e1cea9b16b5e76ca60a4bcf5094c21e170b
- SHA256: 8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890
- SHA512: 50fa799c64ea8d6c71191cfb13ea8a0ede38546de3e560db5245ae504abef8ef4e07b324735967622dcd3069bac168e4a83be4b627ad4b93e3402d596d4d2920
- SSDEEP: 24576:WOtC+fPEv9OCVEJOfXvb7FkXhjelDwFMi/JtqxwNDWvzHlp:WVuPYvBk0lDUMi/JtqCGzH3
Malware Config
Signatures
- Checks BIOS information in registry (2 TTPs, 2 IoCs)
  BIOS information is often read in order to detect sandboxing environments.

  | description | ioc | Process |
  | --- | --- | --- |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | 8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBIOSDate | 8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe |

- Enumerates system info in registry (2 TTPs, 1 IoCs)

  | description | ioc | Process |
  | --- | --- | --- |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBIOSDate | 8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe |

- Suspicious use of SetWindowsHookEx (3 IoCs)

  | pid | Process |
  | --- | --- |
  | 1960 | 8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe |
  | 1960 | 8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe |
  | 1960 | 8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe
  "C:\Users\Admin\AppData\Local\Temp\8895c311421a2beb8470ea7ebeffe67b4a89aabf97ce03086743dc9697a84890.exe"
  - Checks BIOS information in registry
  - Enumerates system info in registry
  - Suspicious use of SetWindowsHookEx
  PID: 1960