Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    104s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 00:20

General

  • Target

    eab8571d92f7d5641fa969c7be6a94147f4ac488e360272f5985f3ad2e336470.exe

  • Size

    70KB

  • MD5

    2fb0fdc1cf51c69dbfd21c77d701b4e0

  • SHA1

    e59186735276d06e8efc5fbbc6a30e763cdeddbe

  • SHA256

    eab8571d92f7d5641fa969c7be6a94147f4ac488e360272f5985f3ad2e336470

  • SHA512

    7868f7c8ddd60244d8ff2af9887c369cc4f484fddf97cb47618a7dae693251afaa6bd00e6ecd0fb438165c074d5229629dbebb23f81cb72695b234613cc99419

  • SSDEEP

    1536:Qc+E19oIzg3CJuL0gZEQ5w7x3kWM0erCdqeFPF4oEF6mQ8Oc:RzjoIzg3Ci6uW3l8rCf781

Score
8/10

Malware Config

Signatures

  • Disables Task Manager via registry modification
  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 2 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eab8571d92f7d5641fa969c7be6a94147f4ac488e360272f5985f3ad2e336470.exe
    "C:\Users\Admin\AppData\Local\Temp\eab8571d92f7d5641fa969c7be6a94147f4ac488e360272f5985f3ad2e336470.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3848
    • C:\Windows\SysWOW64\regedit.exe
      regedit /s C:\99reg.reg
      2⤵
      • Runs .reg file with regedit
      PID:1928
    • C:\Windows\msnmsgr.exe
      C:\Windows\msnmsgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\99reg.reg

    Filesize

    121B

    MD5

    8c0c2a3561f09e9da4f663ebd9db06dc

    SHA1

    060cfdaa3aa592ec1bede0c4e71a6da3baf42dd4

    SHA256

    4c3f8b2bae6bd3dec43219df3845068964d4a2e398bc20a32e75d7379d0a1c03

    SHA512

    b45639591a3ad789831d6b45dd5e7e5cee5e8206f3fa225e39032e1f64d4dd3e74cd367444d615fa89259176e28cfeaa03106c87e12c45d4d5e4c9975b4a8ec8

  • C:\Windows\msnmsgr.exe

    Filesize

    70KB

    MD5

    2fb0fdc1cf51c69dbfd21c77d701b4e0

    SHA1

    e59186735276d06e8efc5fbbc6a30e763cdeddbe

    SHA256

    eab8571d92f7d5641fa969c7be6a94147f4ac488e360272f5985f3ad2e336470

    SHA512

    7868f7c8ddd60244d8ff2af9887c369cc4f484fddf97cb47618a7dae693251afaa6bd00e6ecd0fb438165c074d5229629dbebb23f81cb72695b234613cc99419

  • C:\Windows\msnmsgr.exe

    Filesize

    70KB

    MD5

    2fb0fdc1cf51c69dbfd21c77d701b4e0

    SHA1

    e59186735276d06e8efc5fbbc6a30e763cdeddbe

    SHA256

    eab8571d92f7d5641fa969c7be6a94147f4ac488e360272f5985f3ad2e336470

    SHA512

    7868f7c8ddd60244d8ff2af9887c369cc4f484fddf97cb47618a7dae693251afaa6bd00e6ecd0fb438165c074d5229629dbebb23f81cb72695b234613cc99419

  • memory/3848-134-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

  • memory/3848-143-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

  • memory/4788-142-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB