Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
14/07/2023, 14:51
Static task
static1
Behavioral task
behavioral1
Sample
23003290885ca5exeexe_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
23003290885ca5exeexe_JC.exe
Resource
win10v2004-20230703-en
General
-
Target
23003290885ca5exeexe_JC.exe
-
Size
373KB
-
MD5
23003290885ca5525297b0fc13c67911
-
SHA1
180482dbb207ed1141258e00fdc151d0d3ff2486
-
SHA256
3de66fe938329d14b6e512cf653afeae55a4a9d02acb2fd812493060bcd5e4b3
-
SHA512
f772ab8d8282d8495ce8774733292de3cbec42f92dfb0e11863c9ee4330e2bf326df61445b857ae3fed2308a8b42552fee92a35d12192fb1932946867efe532a
-
SSDEEP
6144:BplrlbbDdQaqd2X/96fr3KFEUGjr8uB2WgcA0cpXEVNrvGZ4FUqm6:BplrVbDdQaqdS/ofraFErH8uB2Wm0SXj
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2716 provided.exe -
Loads dropped DLL 2 IoCs
pid Process 2492 23003290885ca5exeexe_JC.exe 2492 23003290885ca5exeexe_JC.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files\audience\provided.exe 23003290885ca5exeexe_JC.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2492 23003290885ca5exeexe_JC.exe 2492 23003290885ca5exeexe_JC.exe 2492 23003290885ca5exeexe_JC.exe 2492 23003290885ca5exeexe_JC.exe 2716 provided.exe 2716 provided.exe 2716 provided.exe 2716 provided.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2492 wrote to memory of 2716 2492 23003290885ca5exeexe_JC.exe 28 PID 2492 wrote to memory of 2716 2492 23003290885ca5exeexe_JC.exe 28 PID 2492 wrote to memory of 2716 2492 23003290885ca5exeexe_JC.exe 28 PID 2492 wrote to memory of 2716 2492 23003290885ca5exeexe_JC.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\23003290885ca5exeexe_JC.exe"C:\Users\Admin\AppData\Local\Temp\23003290885ca5exeexe_JC.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492 -
C:\Program Files\audience\provided.exe"C:\Program Files\audience\provided.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
373KB
MD5714dac814a49b13c6a2b2c63ac2559b7
SHA1458c453f82086ecb14d25b54cf3155551509fefd
SHA2564108b61198a5908dcf16cc01ff5e40da90e160e4f26933b0fe27f3912b94f2f7
SHA5129da854b5d4b35bf9e80789d2fb121b22ffc0b3e4ccaf42d3e3613717c61f6a0e864405a170e8dbf428cce7ffca61ef14ea73fdb941047f3deed269a4575b9a4b
-
Filesize
373KB
MD5714dac814a49b13c6a2b2c63ac2559b7
SHA1458c453f82086ecb14d25b54cf3155551509fefd
SHA2564108b61198a5908dcf16cc01ff5e40da90e160e4f26933b0fe27f3912b94f2f7
SHA5129da854b5d4b35bf9e80789d2fb121b22ffc0b3e4ccaf42d3e3613717c61f6a0e864405a170e8dbf428cce7ffca61ef14ea73fdb941047f3deed269a4575b9a4b
-
Filesize
373KB
MD5714dac814a49b13c6a2b2c63ac2559b7
SHA1458c453f82086ecb14d25b54cf3155551509fefd
SHA2564108b61198a5908dcf16cc01ff5e40da90e160e4f26933b0fe27f3912b94f2f7
SHA5129da854b5d4b35bf9e80789d2fb121b22ffc0b3e4ccaf42d3e3613717c61f6a0e864405a170e8dbf428cce7ffca61ef14ea73fdb941047f3deed269a4575b9a4b
-
Filesize
373KB
MD5714dac814a49b13c6a2b2c63ac2559b7
SHA1458c453f82086ecb14d25b54cf3155551509fefd
SHA2564108b61198a5908dcf16cc01ff5e40da90e160e4f26933b0fe27f3912b94f2f7
SHA5129da854b5d4b35bf9e80789d2fb121b22ffc0b3e4ccaf42d3e3613717c61f6a0e864405a170e8dbf428cce7ffca61ef14ea73fdb941047f3deed269a4575b9a4b