Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c6fd4e5cf7...c6.exe

windows7-x64

7

c6fd4e5cf7...c6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    31/08/2023, 19:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6fd4e5cf7f4a94543c59b268be1cd9769fa394af04cca60e794d74a370af0c6.exe

  • Size

    76KB

  • MD5

    39a69e2092379cae354b478923c444f6

  • SHA1

    d73d141828c245976fdc08daf7db0a5a1a9f838c

  • SHA256

    c6fd4e5cf7f4a94543c59b268be1cd9769fa394af04cca60e794d74a370af0c6

  • SHA512

    ae20c74bc497e0b09e349cfb51a8471a18d7dfa22d188a8ce9e03dfb53225981edb1852af9d6aa9094a19502b8204aa3ab22f179a06fe3731489c086c4250540

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOppz:GhfxHNIreQm+Hiepz

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6fd4e5cf7f4a94543c59b268be1cd9769fa394af04cca60e794d74a370af0c6.exe
    "C:\Users\Admin\AppData\Local\Temp\c6fd4e5cf7f4a94543c59b268be1cd9769fa394af04cca60e794d74a370af0c6.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    81KB

    MD5

    730ce8c75536bea2bc116ccad9661218

    SHA1

    33ab52d182fbe2b8e73a8297884df1cc2cdb395a

    SHA256

    66b9077e535cf985e53e50bf02342a90207f3f5e31359bca7f11141497e215e1

    SHA512

    d770a1eff803ca129be5a9cfa8a8ffccde6526b64ca6dab68816a742f987b841d244e098d5b9d2d2f36ed75f95769c4a2284cc69eb7065c38a314cd1625ab5bf

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    85KB

    MD5

    b51c970cff1668ef44e358c5fc13659d

    SHA1

    d34b379a210b201b05443a42565105f0b962f300

    SHA256

    72bf26db6f4250309754fa9c0a374c770f7807d93c45174e90b0036f80294871

    SHA512

    57439e0ae71af88d80a0dc5a8d1d42c5c73e018ffb0a9de0cd8a8dcbf6ddf98221d0b048e2ef2e6bdbdee53d06f3e1e508f4e171a900634d826dce47e06e8288

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    85KB

    MD5

    b51c970cff1668ef44e358c5fc13659d

    SHA1

    d34b379a210b201b05443a42565105f0b962f300

    SHA256

    72bf26db6f4250309754fa9c0a374c770f7807d93c45174e90b0036f80294871

    SHA512

    57439e0ae71af88d80a0dc5a8d1d42c5c73e018ffb0a9de0cd8a8dcbf6ddf98221d0b048e2ef2e6bdbdee53d06f3e1e508f4e171a900634d826dce47e06e8288

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    85KB

    MD5

    b51c970cff1668ef44e358c5fc13659d

    SHA1

    d34b379a210b201b05443a42565105f0b962f300

    SHA256

    72bf26db6f4250309754fa9c0a374c770f7807d93c45174e90b0036f80294871

    SHA512

    57439e0ae71af88d80a0dc5a8d1d42c5c73e018ffb0a9de0cd8a8dcbf6ddf98221d0b048e2ef2e6bdbdee53d06f3e1e508f4e171a900634d826dce47e06e8288

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    85KB

    MD5

    b51c970cff1668ef44e358c5fc13659d

    SHA1

    d34b379a210b201b05443a42565105f0b962f300

    SHA256

    72bf26db6f4250309754fa9c0a374c770f7807d93c45174e90b0036f80294871

    SHA512

    57439e0ae71af88d80a0dc5a8d1d42c5c73e018ffb0a9de0cd8a8dcbf6ddf98221d0b048e2ef2e6bdbdee53d06f3e1e508f4e171a900634d826dce47e06e8288

    Download Submit

  • memory/2472-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2472-12-0x0000000000290000-0x00000000002A6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2472-20-0x0000000000290000-0x0000000000296000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2472-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2812-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download