Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    96s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 11:45

General

  • Target

    e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485.exe

  • Size

    157KB

  • MD5

    179b6f8293556dda8dd4618686646af0

  • SHA1

    9da30ce49f793e41b7f7cfb1d35a18b293b151a2

  • SHA256

    e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485

  • SHA512

    14f20aded7f0f03c3a2609b8b3e2cfcd0efbf205504792ed9bd9d960fdca7a5d240b5bb04ce945ffe6ab733373b5b23409d446fd8283607619cfe98f1215171a

  • SSDEEP

    1536:gkWbhgW5o1oS4l1TfG8Umu3/IdsGmPIxl8F4L0a8fcqQA65Oi:FW+1oS4l5OeuQdrmwvL8EqQA65Oi

Score
8/10

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
  • Blocklisted process makes network request 25 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485.exe
    "C:\Users\Admin\AppData\Local\Temp\e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Users\Admin\AppData\Local\Temp\e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485.exe
      "C:\Users\Admin\AppData\Local\Temp\e7da4b735f0ad0e57923ef9a0a69a4849b9bdefac0e5d36bfc9fdcfed34c6485.exe"
      2⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1664
      • C:\Windows\syswow64\msiexec.exe
        C:\Windows\syswow64\msiexec.exe
        3⤵
        • Adds policy Run key to start application
        • Blocklisted process makes network request
        • Drops file in Program Files directory
        PID:956

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/956-63-0x0000000075591000-0x0000000075593000-memory.dmp

    Filesize

    8KB

  • memory/956-64-0x0000000000BF0000-0x0000000000C04000-memory.dmp

    Filesize

    80KB

  • memory/956-65-0x00000000000C0000-0x00000000000C5000-memory.dmp

    Filesize

    20KB

  • memory/956-66-0x00000000000C0000-0x00000000000C5000-memory.dmp

    Filesize

    20KB

  • memory/1664-54-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

  • memory/1664-58-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

  • memory/1664-57-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

  • memory/1664-55-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

  • memory/1664-61-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB