Analysis
- max time kernel: 141s
- max time network: 133s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 16/08/2023, 03:59
Static task: static1
Behavioral task: behavioral1
- Sample: 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
- Resource: win10v2004-20230703-en
General
- Target: 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
- Size: 15.4MB
- MD5: d5bc7e77b7bd6a74f7d8dafe8776a2ef
- SHA1: 90f4b8462c6ec5415e8ceedb52363c8d4a6d06ae
- SHA256: 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462
- SHA512: d25fa2da9335c147cd13c795f58a578943eeb4ab0d9ec9faaf6543239609bb553775740c6a419a6fdcace41e609433f5bd3ecc8964a12be2bd33610492dbd721
- SSDEEP: 393216:3VhgLN/qpGQLRetqfp9tcIdOAbfLt7WNcyJ7es68G:3VhgR/t4Hrt72cy5ib
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies Internet Explorer settings
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main | 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid | Process
  2428 | 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 2428 | 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid | Process
  2428 | 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
  2428 | 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
  2428 | 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
  2428 | 09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe"
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID: 2428
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Temp\09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exepack.tmp
  Filesize: 2KB
  MD5: 21aa48867766e568147b201473fea385
  SHA1: dc1850bc71e0fc490dbe20ac13ec2cebc380c485
  SHA256: e9385421108ca10bc9947c245758dc796472453dcbd9c7f616e7d5b784208b35
  SHA512: efed7e2653261a8394c834ccda42e24251718d2d879c7a5464b5b6462114b9739d79f6885d13a0832345a7c140879a24241be50e2466e706d29bfa6d66abc1c4
- Filesize: 1KB
  MD5: 5ac58ca75a4642c6a08a93040815daa2
  SHA1: 3750f3124bab4b762c6b44095be5003ed016742f
  SHA256: 3dc8438858b9db4fc32a3ad3e69b1be2902e604e8bc36cdb0c216d3f9704779e
  SHA512: 6c2c5cdd6ba4fd7acd7c83b965874b85219c09a79b3857f20c29d1d33ae309ea04397b5ca2801902261c3e9c50e97d747bb8a027e7b8f1023fe2985c56fbd433
- Filesize: 1KB
  MD5: 6fa3bed462f3f2b1c91e19b2728cba12
  SHA1: 540316478dd167a3475b4eba12ac10b7d2e6d8cb
  SHA256: 9922b069690809cfb1d3c1879207b6c39d9dfc7cbcd5b727478cb23f66eda251
  SHA512: 6333d78e5c638c37e5b2da7f47761351c88544f945d967676c8ff3ab46ffff0a0be4ef65e98ebf3c95f4962fe5ced73fd63362a01e1cfb40362636730f91b9c9