Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 11:21

General

  • Target

    be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe

  • Size

    30KB

  • MD5

    1ec430b199e88ed5beb48f450820c72c

  • SHA1

    c151c5d8b4cedab26a84236ac98d6a717b19e3d2

  • SHA256

    be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20

  • SHA512

    37ab89e4a60f3bfe768c1b40e3db614f3a4366421c1785577f0a81c73630b494a4a291178709335eb6b079bb984a3ef59e66f535987222cab8c5c3f0ee315165

  • SSDEEP

    384:pf+RHIl4rQ/0ZJhGc4zGsrcXE96cYJLW7HbP6jZ:pf+K0ZPGc4qGEEsRLobPmZ

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe
    "C:\Users\Admin\AppData\Local\Temp\be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\mmc.exe
      mmc c:\windows\system32\gpedit.msc
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1984
      • C:\Windows\system32\mmc.exe
        "c:\windows\system32\gpedit.msc" c:\windows\system32\gpedit.msc
        3⤵
        • Drops file in System32 directory
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2008

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1984-57-0x0000000075631000-0x0000000075633000-memory.dmp

    Filesize

    8KB

  • memory/2008-59-0x000007FEFC201000-0x000007FEFC203000-memory.dmp

    Filesize

    8KB

  • memory/2008-60-0x000007FEF6081000-0x000007FEF6083000-memory.dmp

    Filesize

    8KB

  • memory/2008-61-0x000007FEF5B91000-0x000007FEF5B93000-memory.dmp

    Filesize

    8KB

  • memory/2008-62-0x000007FEF1F40000-0x000007FEF2963000-memory.dmp

    Filesize

    10.1MB

  • memory/2008-63-0x000007FEEDEF0000-0x000007FEEEF86000-memory.dmp

    Filesize

    16.6MB