Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 56s
max time network: 35s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 05/12/2022, 13:36
Static task: static1
Behavioral task: behavioral1
  Sample: 749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe
  Resource: win10v2004-20220812-en
General
Target: 749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe
Size: 936KB
MD5: 042d8ef1ade21c43d1006727dd404c50
SHA1: d6042778d75156db157f6ca9df82236c2ec5effe
SHA256: 749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4
SHA512: 9eb93194f123619749f5fa2643a54291b6f76d98f47037b643a45a5859aa886284cad87d898a1420487892ed0a1ed8dc6b6d86bc358f1fbb75db1f12e87c8633
SSDEEP: 12288:CDJM/bXntAh+nhZoqQEHvVIzJPz//DdvdYkNQX1NYtFX0jPDl5pudl1lnNRybMYY:Cd6atqLHNk5TdvKX1NYtFXOMNwQ4/8X
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 472, process suxbtjf.exe
Modifies AppInit DLL entries (2 TTPs)
  The report flags the registry change but does not record the value written. AppInit_DLLs (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows) is loaded into every process that loads user32.dll, so a DLL listed there gets both persistence and broad code injection; when confirming on a host, read that value together with LoadAppInit_DLLs, which gates the mechanism.
Drops file in Program Files directory (2 IoCs)
  File created: C:\PROGRA~3\Mozilla\suxbtjf.exe, by 749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe
  File created: C:\PROGRA~3\Mozilla\wkvogyf.dll, by suxbtjf.exe
  Note that C:\PROGRA~3 is an 8.3 short name. On a default 64-bit install it resolves to C:\ProgramData (PROGRA~1 and PROGRA~2 are the two Program Files directories), so the files are most likely under C:\ProgramData\Mozilla rather than under Program Files; confirm the mapping on the host with `dir /x C:\`.
Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 1092 wrote to memory of 472; pid 1092; process taskeng.exe; procid_target 29 (reported four times)
  A parent writing into the memory of a child it has just created is normal CreateProcess behaviour, so this signature on its own is weak evidence. What matters here is that the parent is taskeng.exe rather than the sample.
Processes
1. C:\Users\Admin\AppData\Local\Temp\749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe"
   PID: 1380
   - Drops file in Program Files directory
2. C:\Windows\system32\taskeng.exe
   command line: taskeng.exe {2CB390E2-725B-45EA-B04E-E3D665B52092} S-1-5-18:NT AUTHORITY\System:Service:
   PID: 1092
   - Suspicious use of WriteProcessMemory
   2.1 C:\PROGRA~3\Mozilla\suxbtjf.exe
       command line: C:\PROGRA~3\Mozilla\suxbtjf.exe -wukznwj
       PID: 472
       - Executes dropped EXE
       - Drops file in Program Files directory
taskeng.exe is the Windows 7 Task Scheduler engine, running here as SYSTEM (S-1-5-18). The dropped suxbtjf.exe is started by it, not by the sample, which points to launch through a scheduled task, although no task-creation signature appears in this report; the task itself would have to be confirmed from the scheduler's task store on the host.
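The chain above (EXE dropped under an 8.3-abbreviated ProgramData path, later started by taskeng.exe, then an AppInit_DLLs change) is easy to miss if a detection compares raw paths. The following is an added example, not code from the sandbox or the report: it normalises 8.3 path components and runs three rules over constructed event records that mirror this report's process tree and IoCs. The SHORT_NAMES table, the event field names, and the AppInit_DLLs value (the report flags the change but does not show what was written) are assumptions for the example.

```python
"""Detection logic for the behaviour in this report: an executable dropped
under an 8.3-abbreviated ProgramData path, later started by taskeng.exe
(the Windows 7 Task Scheduler engine), plus an AppInit_DLLs change.
Added example; EVENTS below are CONSTRUCTED from the report, not exported."""
import ntpath

# Assumption: 8.3 aliases of a default 64-bit install. Windows assigns the
# ~N suffix in directory-creation order, so confirm with `dir /x C:\`.
SHORT_NAMES = {
    "PROGRA~1": "Program Files",
    "PROGRA~2": "Program Files (x86)",
    "PROGRA~3": "ProgramData",
}

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\749fffb463a767075d81a8676c366a4297a1625c35e97f6aaf852d73fe1a44d4.exe"
TASKENG = r"C:\Windows\system32\taskeng.exe"
DROPPED_EXE = r"C:\PROGRA~3\Mozilla\suxbtjf.exe"
DROPPED_DLL = r"C:\PROGRA~3\Mozilla\wkvogyf.dll"

# Constructed event stream mirroring the report's process tree and IoCs.
EVENTS = [
    {"type": "file_create", "pid": 1380, "image": SAMPLE, "target": DROPPED_EXE},
    {"type": "process_create", "pid": 472, "ppid": 1092,
     "parent_image": TASKENG, "image": DROPPED_EXE},
    {"type": "file_create", "pid": 472, "image": DROPPED_EXE, "target": DROPPED_DLL},
    # The report only says "Modifies AppInit DLL entries"; the data written
    # is an ASSUMPTION here so the third rule has something to correlate.
    {"type": "reg_set", "pid": 472,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows",
     "value": "AppInit_DLLs", "data": DROPPED_DLL},
]

# Constructed benign control: the scheduler starting a system binary.
BENIGN = [
    {"type": "process_create", "pid": 900, "ppid": 1092,
     "parent_image": TASKENG, "image": r"C:\Windows\system32\wsqmcons.exe"},
]


def expand_short_path(path: str) -> str:
    """Replace known 8.3 components; unknown ~N names are left untouched."""
    return "\\".join(SHORT_NAMES.get(part.upper(), part) for part in path.split("\\"))


def norm(path: str) -> str:
    """Canonical form for every comparison: 8.3 expanded, lower-cased."""
    return expand_short_path(path).lower()


def detect(events):
    """Return (rule, pid, detail) findings in event order."""
    findings = []
    dropped = {}  # normalised path -> pid that wrote it
    for ev in events:
        if ev["type"] == "file_create":
            target = norm(ev["target"])
            dropped[target] = ev["pid"]
            if target.startswith("c:\\programdata\\") and \
                    ntpath.splitext(target)[1] in (".exe", ".dll"):
                findings.append(("executable_dropped_in_programdata", ev["pid"], target))
        elif ev["type"] == "process_create":
            image = norm(ev["image"])
            parent = ntpath.basename(ev["parent_image"]).lower()
            # The scheduler launching a file this trace dropped is the
            # report's key persistence signal.
            if image in dropped and parent == "taskeng.exe":
                findings.append(("dropped_exe_started_by_task_scheduler", ev["pid"], image))
        elif ev["type"] == "reg_set" and ev["value"].lower() == "appinit_dlls":
            # AppInit_DLLs is a space- or comma-separated list; flag each
            # entry and escalate when it points at a file dropped in-trace.
            for entry in ev["data"].replace(",", " ").split():
                dll = norm(entry)
                rule = ("appinit_dll_points_at_dropped_file" if dll in dropped
                        else "appinit_dlls_modified")
                findings.append((rule, ev["pid"], dll))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(EVENTS):
        print(f"{rule:40} pid={pid} {detail}")
```

Feeding real telemetry (Sysmon event IDs 1, 11 and 13, or the sandbox's own export) only requires mapping those records onto the three event shapes above; the normalisation step is what lets the reg_set rule match the DLL even when one source logs the 8.3 path and another the long one.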
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 936KB
MD5: d6281d4652bb3a35003dee7d0a999b7b
SHA1: 6f692a56437514b56adc1762e8a884245ad99e7a
SHA256: 6422aca623dd9070d295fe9353ceb0b5b7d4cc4e9a15264a3d43cd0dbcd41702
SHA512: f76c33c6b41c8cf7249a6ff1d8a6fdc7e5d91d4a930c38de9bdb4a30169bc358e8084347303cd4e67e2e61bad2f3db66b5aaefdd50bdbe6481e94dcce713dfcf
These hashes differ from the submitted sample's although the size is identical, so this is a distinct artefact; the report does not say which file it is, so verify the SHA256 before reusing it as an indicator.