Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
145s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
20/03/2023, 15:36
General
-
Target
Shipment_notification.exe
-
Size
754KB
-
MD5
c310a64af890ac32abff89e86cb53a33
-
SHA1
509cdec4d058011fb55535a936e56d3158f3f05a
-
SHA256
90e86051c2fb04a3f6fda85273580abca9a9131fb5e32065f620c4410febe1af
-
SHA512
095334ee039c7c70b5459b16f1e8d66b56cb7847d3769859182ef5764a8fcb6720cddbc20fc7b5a2c87a6ec4141a70b537e59e27f7fd2ff57c0c325e1b803fce
-
SSDEEP
12288:PIrmYMUnFW/NObV55FbasbtrKnnRy50vHKB0otonixVtd/FmQSBhVa8i6NFJHKoR:PIrUUj5FbfVoy5hB0hnixT9FHI04qooW
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 1 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Shipment_notification.exe"C:\Users\Admin\AppData\Local\Temp\Shipment_notification.exe"2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Shipment_notification.exe"C:\Users\Admin\AppData\Local\Temp\Shipment_notification.exe"3⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\SysWOW64\mstsc.exe"C:\Windows\SysWOW64\mstsc.exe"2⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\Firefox.exe"C:\Program Files\Mozilla Firefox\Firefox.exe"3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
465KB
MD59e480b43cbe052e9ab25a0b982132e4d
SHA1511ed863e48b8755e43b093238b923339c1bf846
SHA256d76c2b3b27f279cbaabaa2d53c93e4bb7f2d8336e5aff7c74d7a16a2dbfbfb1c
SHA51292a2753d125fec5a77945a1724dd85d07fd672583666029e313903584cf8e872fae9f3bb1db00cb9cde747edd4e3e95c8ffc3aa2867ce9212504d557e2adc8fb
-
Filesize
890KB
MD58402a6aa76d7787ff03943dd129e3d83
SHA1895338cb761d62930ca93918011fd2cd33d5b30c
SHA25649ff99d5b24f4f7d5a8ea175f35a6548c74b04e5c621c60121b5088dab19b4eb
SHA51239bbe90385be35492825929296aae771fb4afb00a1f6a48f0e4ec17bc1097c3a32cea3b22033116c82695e66acbd6c847483a8da21e7302240467b58e39169ea
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
64KB
-
Filesize
3.0MB
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
188KB
-
Filesize
4KB
-
Filesize
180KB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
3.0MB
-
Filesize
808KB
-
Filesize
572KB
-
Filesize
80KB
-
Filesize
704KB
-
Filesize
48KB
-
Filesize
256KB
-
Filesize
224KB
-
Filesize
776KB
-
Filesize
256KB
-
Filesize
1.0MB
-
Filesize
40KB
-
Filesize
1.0MB
-
Filesize
1.0MB