Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
41s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
04/12/2022, 00:05
General
-
Target
e32cee32c8e79635235b3b23052782a8552b057bd18e989702f753b0d48de035.exe
-
Size
1.4MB
-
MD5
bef495809e1dd90ff241a27015ae59e0
-
SHA1
14f7157b558fb918f32d200b688c20b9b8b60225
-
SHA256
e32cee32c8e79635235b3b23052782a8552b057bd18e989702f753b0d48de035
-
SHA512
e676610d18873332c2262d1bc0ad84fdc08fd777f28c11ebb99e3137e1977071fdb97a0e1fe89dba084fd0ceae66410152462477a860026a3e9c3b836a5cd3ae
-
SSDEEP
24576:n7/iW4aTva1MpL78F9qBhAo2ODgNEBOvVf7wj7+a6B51zY7tpstbQTSD9x:nLiMTlA4BAOEEwsj7aB/zqSbQ2
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs 4 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e32cee32c8e79635235b3b23052782a8552b057bd18e989702f753b0d48de035.exe"C:\Users\Admin\AppData\Local\Temp\e32cee32c8e79635235b3b23052782a8552b057bd18e989702f753b0d48de035.exe"1⤵
- Modifies WinLogon for persistence
- Modifies visiblity of hidden/system files in Explorer
- UAC bypass
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Adds Run key to start application
- Checks whether UAC is enabled
- Installs/modifies Browser Helper Object
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}1⤵
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v6
Persistence
Browser Extensions
1Hidden Files and Directories
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Bypass User Account Control
1Disabling Security Tools
1Hidden Files and Directories
1Modify Registry
6Virtualization/Sandbox Evasion
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
239KB
MD5a765df00d58bf83639aa81e53d737148
SHA1b4ff9778e8c21d1d859eb63c00d7d2c897132177
SHA256c73b6ee13aaf0448e5c31375c8faa780bc5e0834f374a81c917ae8f9b5e82c41
SHA512ae15297192151dd7918f6b92202320cadd2390df9505667bf7ee9950d5044e6f752f376da6fc7202dc277128d02aee358ef35ab9a9cb2188f3190d6b97efe130
-
Filesize
8KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
