Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
23/07/2023, 15:27
Static task
static1
Behavioral task
behavioral1
Sample
NA_NA_0d9be373b2250dexeexe_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
NA_NA_0d9be373b2250dexeexe_JC.exe
Resource
win10v2004-20230703-en
General
-
Target
NA_NA_0d9be373b2250dexeexe_JC.exe
-
Size
406KB
-
MD5
0d9be373b2250d424d1b1a5160ac06e3
-
SHA1
1d24e7b303bf229dde748d3e1246bfe6e98df788
-
SHA256
5ee7061bc4a54697ad7b8b331331db4cc92512c8ad815b4ef8fcbfc972592e12
-
SHA512
2ea15e45b88d9ae494e3a661fd8c902f7d6066b99e09d8bd4acaba540291860712508eda80f9cee795a337cb11b0168316f6e9db1373d14a318571b180285926
-
SSDEEP
12288:2plrVbDdQaqdS/ofraFErH8uB2Wm0SXsNr5FU:SxRQ+Fucuvm0as
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2552 headers.exe -
Loads dropped DLL 2 IoCs
pid Process 2588 NA_NA_0d9be373b2250dexeexe_JC.exe 2588 NA_NA_0d9be373b2250dexeexe_JC.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files\sure\headers.exe NA_NA_0d9be373b2250dexeexe_JC.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2588 NA_NA_0d9be373b2250dexeexe_JC.exe 2588 NA_NA_0d9be373b2250dexeexe_JC.exe 2588 NA_NA_0d9be373b2250dexeexe_JC.exe 2588 NA_NA_0d9be373b2250dexeexe_JC.exe 2552 headers.exe 2552 headers.exe 2552 headers.exe 2552 headers.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2588 wrote to memory of 2552 2588 NA_NA_0d9be373b2250dexeexe_JC.exe 28 PID 2588 wrote to memory of 2552 2588 NA_NA_0d9be373b2250dexeexe_JC.exe 28 PID 2588 wrote to memory of 2552 2588 NA_NA_0d9be373b2250dexeexe_JC.exe 28 PID 2588 wrote to memory of 2552 2588 NA_NA_0d9be373b2250dexeexe_JC.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\NA_NA_0d9be373b2250dexeexe_JC.exe"C:\Users\Admin\AppData\Local\Temp\NA_NA_0d9be373b2250dexeexe_JC.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588 -
C:\Program Files\sure\headers.exe"C:\Program Files\sure\headers.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
406KB
MD551817ab17db214ca095f939b4e74e06e
SHA134ae516b59dbbeb7fed332ef65185aed9421976d
SHA256e8ff61420219c596681930ee5560d8ec6037509cb15bfb5caac0ba5d4dbc3bdb
SHA51245b0c88d579ec95bef1b86caa61460a7dc5aadf9c1d0d9ce8567afa825ee26721abc4bf98b4b406e7c7e386eff180922634824f519531469bb9bdb4bb2c121e3
-
Filesize
406KB
MD551817ab17db214ca095f939b4e74e06e
SHA134ae516b59dbbeb7fed332ef65185aed9421976d
SHA256e8ff61420219c596681930ee5560d8ec6037509cb15bfb5caac0ba5d4dbc3bdb
SHA51245b0c88d579ec95bef1b86caa61460a7dc5aadf9c1d0d9ce8567afa825ee26721abc4bf98b4b406e7c7e386eff180922634824f519531469bb9bdb4bb2c121e3
-
Filesize
406KB
MD551817ab17db214ca095f939b4e74e06e
SHA134ae516b59dbbeb7fed332ef65185aed9421976d
SHA256e8ff61420219c596681930ee5560d8ec6037509cb15bfb5caac0ba5d4dbc3bdb
SHA51245b0c88d579ec95bef1b86caa61460a7dc5aadf9c1d0d9ce8567afa825ee26721abc4bf98b4b406e7c7e386eff180922634824f519531469bb9bdb4bb2c121e3
-
Filesize
406KB
MD551817ab17db214ca095f939b4e74e06e
SHA134ae516b59dbbeb7fed332ef65185aed9421976d
SHA256e8ff61420219c596681930ee5560d8ec6037509cb15bfb5caac0ba5d4dbc3bdb
SHA51245b0c88d579ec95bef1b86caa61460a7dc5aadf9c1d0d9ce8567afa825ee26721abc4bf98b4b406e7c7e386eff180922634824f519531469bb9bdb4bb2c121e3