Analysis
- max time kernel: 318s
- max time network: 331s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/12/2022, 21:06
Static task: static1
Behavioral task: behavioral1
- Sample: a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230.exe
- Resource: win10v2004-20221111-en
General
- Target: a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230.exe
- Size: 71KB
- MD5: e5eebe174517d702dcad60eee1a493f7
- SHA1: e993e9239035e4d55b67d7d4d0257b1e2b6df11a
- SHA256: a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230
- SHA512: d2dc6b5a5c32f55074aed3e0a0f2b5f1ad64af80aa53857483637a95f415cb1c05210cc7d6c9d7b4d2aeb552848d16c2b2aeb149cdc6be4865076fd2ddd01adf
- SSDEEP: 1536:TPn8njURvkTcvuxfTfQPnOWmTK+5+Vcm2oBKrHDX5:TUnjURvkTcvYfUPnjVcm2oBKrjX
Malware Config
Signatures
- Sets DLL path for service in the registry (2 TTPs, 1 IoC)
  Set value (str): \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\defaultlib\Parameters\ServiceDll = "C:\\Windows\\system32\\u14117208.dll"
  Process: a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230.exe
- Loads dropped DLL (1 IoC)
  PID 1500, svchost.exe
- Drops file in System32 directory (1 IoC)
  File created: C:\Windows\SysWOW64\u14117208.dll
  Process: a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  PID 1500, svchost.exe (all 64 IoCs are the same process)

Note on the two paths above: the ServiceDll value names C:\Windows\system32\u14117208.dll, but the file was actually created under C:\Windows\SysWOW64. This is what a 32-bit dropper produces on 64-bit Windows: WOW64 file-system redirection maps C:\Windows\system32 to C:\Windows\SysWOW64 for 32-bit processes, and the 32-bit C:\Windows\SysWOW64\svchost.exe that later loads the DLL resolves the same registry path the same way. A hunt that checks only the literal System32 path from the registry will report the DLL as missing.
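The following hunting script is an added example for the ServiceDll persistence shown in the signatures above; it is not part of the tria.ge report or of the sample. It walks every service under the current control set, reads ServiceDll and the svchost group from ImagePath, and flags DLLs that are missing, unsigned, signed by a non-Microsoft publisher, or present only in SysWOW64 although the registry value points at System32. It assumes an elevated 64-bit PowerShell on the host being checked; the flagging rules are this script's own heuristics, not a vendor rule set.

```powershell
# Added hunting script; it is not part of the tria.ge report or the sample.
# Walks every service under the current control set, reads ServiceDll, and
# flags entries that match the persistence pattern above: a ServiceDll that
# is unsigned, missing, or present only in SysWOW64 even though the registry
# value says system32. Assumes an elevated 64-bit PowerShell on the host.
# The scoring rules are this script's own heuristics, not a vendor rule set.

$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$system32 = Join-Path $env:SystemRoot 'System32'
$sysWow64 = Join-Path $env:SystemRoot 'SysWOW64'

$findings = foreach ($svc in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
    $params = Join-Path $svc.PSPath 'Parameters'
    $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) { continue }

    # Which svchost group hosts this service (e.g. "-k netsvcs"), taken from ImagePath.
    $image = (Get-ItemProperty -Path $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    $group = if ($image -match '-k\s+(\S+)') { $Matches[1] } else { '' }

    # Expand %SystemRoot% and strip quotes, then build the SysWOW64 view of the
    # same path: a 32-bit dropper that "writes to system32" is redirected there
    # by WOW64, and a 32-bit svchost.exe resolves the ServiceDll the same way.
    $path    = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
    $wowPath = $path -ireplace [regex]::Escape($system32), $sysWow64
    $in64    = Test-Path -LiteralPath $path
    $in32    = ($wowPath -ne $path) -and (Test-Path -LiteralPath $wowPath)

    $reasons = @()
    if (-not $in64 -and -not $in32) {
        $reasons += 'ServiceDll not on disk'
    } else {
        if (-not $in64) { $reasons += 'present only in SysWOW64 (WOW64-redirected write)' }
        $onDisk = if ($in64) { $path } else { $wowPath }
        # Get-AuthenticodeSignature also honours catalog signatures, which is how
        # most in-box Windows service DLLs are signed.
        $sig = Get-AuthenticodeSignature -FilePath $onDisk
        if ($sig.Status -ne 'Valid') {
            $reasons += "signature $($sig.Status)"
        } elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $reasons += "non-Microsoft signer: $($sig.SignerCertificate.Subject)"
        }
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Service      = $svc.PSChildName
            SvchostGroup = $group
            ServiceDll   = $dll
            Reasons      = $reasons -join '; '
        }
    }
}

$findings | Sort-Object Service | Format-Table -AutoSize
```

On a host infected the way the sandbox run above shows, the output would be expected to contain a "defaultlib" row in svchost group netsvcs with ServiceDll C:\Windows\system32\u14117208.dll and the reason "present only in SysWOW64". Treat the list as a triage queue rather than a verdict: legitimate third-party services also register ServiceDll entries with non-Microsoft signers, and on hosts where catalog validation is unavailable, in-box DLLs can show up as NotSigned.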
Processes
- C:\Users\Admin\AppData\Local\Temp\a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a52c27dafbf31bc6b2c1d5f11dd0d8ddfe3401a42cee0790ed48244219d43230.exe"
  PID: 3664
  - Sets DLL path for service in the registry
  - Drops file in System32 directory
- C:\Windows\SysWOW64\svchost.exe
  Command line: C:\Windows\SysWOW64\svchost.exe -k netsvcs
  PID: 1500
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 64KB
  MD5: 721d7448a4d4bfdd1407f4459b925722
  SHA1: 345a40cf08ecb1d1f04a3c1274b265bca3362ace
  SHA256: c5da3222bc8ab0563022553e616de063bd71ee2ab096c86035cdc89a1bbe2b4a
  SHA512: 20ac4859647e9f39b59bae550345bd2377a7f67c2a57e4fc1494da9ad5cee439e31344c8a23a9fcb71eceee7a75a869588567a335bf6bd0c66fb4c9c18de98b1