Analysis
- max time kernel: 150s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 06/12/2022, 11:21
Static task
- static1

Behavioral task
- behavioral1
  - Sample: be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe
  - Resource: win10v2004-20220901-en
General
- Target: be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe
- Size: 30KB
- MD5: 1ec430b199e88ed5beb48f450820c72c
- SHA1: c151c5d8b4cedab26a84236ac98d6a717b19e3d2
- SHA256: be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20
- SHA512: 37ab89e4a60f3bfe768c1b40e3db614f3a4366421c1785577f0a81c73630b494a4a291178709335eb6b079bb984a3ef59e66f535987222cab8c5c3f0ee315165
- SSDEEP: 384:pf+RHIl4rQ/0ZJhGc4zGsrcXE96cYJLW7HbP6jZ:pf+K0ZPGc4qGEEsRLobPmZ
Malware Config
Signatures

Drops file in System32 directory (4 IoCs)
description | ioc | Process
- File opened for modification | C:\Windows\System32\GroupPolicy | mmc.exe
- File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | mmc.exe
- File opened for modification | C:\WINDOWS\SysWOW64\GroupPolicy\Machine\Registry.pol | be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe
- File opened for modification | \??\c:\windows\system32\gpedit.msc | mmc.exe

Modifies Internet Explorer settings (signature name taken from the process tree below; its heading is missing from the report)
description | ioc | Process
- Key created | \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main | mmc.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
- 2008 | mmc.exe

Suspicious use of AdjustPrivilegeToken (4 IoCs)
description | pid | Process
- Token: 33 | 2008 | mmc.exe
- Token: SeIncBasePriorityPrivilege | 2008 | mmc.exe
- Token: 33 | 2008 | mmc.exe
- Token: SeIncBasePriorityPrivilege | 2008 | mmc.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
- 2040 | be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe
- 1984 | mmc.exe
- 2008 | mmc.exe
- 2008 | mmc.exe
- 2008 | mmc.exe
- 2008 | mmc.exe

Suspicious use of WriteProcessMemory (8 IoCs)
description | pid | Process | procid_target
- PID 2040 wrote to memory of 1984 | 2040 | be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe | 28
- PID 2040 wrote to memory of 1984 | 2040 | be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe | 28
- PID 2040 wrote to memory of 1984 | 2040 | be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe | 28
- PID 2040 wrote to memory of 1984 | 2040 | be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe | 28
- PID 1984 wrote to memory of 2008 | 1984 | mmc.exe | 29
- PID 1984 wrote to memory of 2008 | 1984 | mmc.exe | 29
- PID 1984 wrote to memory of 2008 | 1984 | mmc.exe | 29
- PID 1984 wrote to memory of 2008 | 1984 | mmc.exe | 29
Processes

1. C:\Users\Admin\AppData\Local\Temp\be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\be276ba942165ddeb1e59f0c6d17945d0e490b6140348700fd9f1b9e5b540d20.exe"
   PID: 2040
   - Drops file in System32 directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\mmc.exe (child of PID 2040)
      Command line: mmc c:\windows\system32\gpedit.msc
      PID: 1984
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\system32\mmc.exe (child of PID 1984)
         Command line: "c:\windows\system32\gpedit.msc" c:\windows\system32\gpedit.msc
         PID: 2008
         - Drops file in System32 directory
         - Modifies Internet Explorer settings
         - Suspicious behavior: GetForegroundWindowSpam
         - Suspicious use of AdjustPrivilegeToken
         - Suspicious use of SetWindowsHookEx