Analysis
max time kernel: 141s
max time network: 142s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 31/08/2023, 21:21
Static task: static1
Behavioral task: behavioral1
  Sample: 87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
  Resource: win10v2004-20230703-en
General
Target: 87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
Size: 14.3MB
MD5: 84706e317709f668156e1a64655b8575
SHA1: 7f8c6c36499b6968b828cc31fe364a9f36c86cf3
SHA256: 87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79
SHA512: df17e7d8470945999ea7001c08ff2851cabfe0671fcad961a54ac0a1c67ca457348a5533a5a456f61065e61f738f615f195bea5cae79a0def6fd94b275155dfd
SSDEEP: 196608:vUA2js2wjg2AUa78dy88xotEfi7ZL6hIQq3DGtrDEELswvHDiwr05LHwkfgvJdaG:vSA9jg2k7Z83tYhIXDGjUQhbU1Q
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description: File opened (read-only)
Process: 87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
ioc (23 drive roots, every letter except C:, D: and F:):
\??\A: \??\B: \??\E: \??\G: \??\H: \??\I: \??\J: \??\K: \??\L: \??\M: \??\N: \??\O:
\??\P: \??\Q: \??\R: \??\S: \??\T: \??\U: \??\V: \??\W: \??\X: \??\Y: \??\Z:
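The signature above fires on a pattern rather than on any single open: one process touching the root of many drive letters in quick succession. The following is an added example of how that pattern can be detected from file-open telemetry; it is not tria.ge's own signature code. It replays constructed events shaped like the IoCs in this report (device paths such as \??\K:, pid 2660) alongside two hypothetical benign processes, and flags a process only when it opens at least a threshold of distinct non-system drive roots inside a short time window. The thresholds, window, process names explorer.exe and backup.exe, and all timestamps are assumptions made for the illustration.

```python
"""Replay-style detection for the "Enumerates connected drives" signature.

Added example, not tria.ge's own signature implementation. It takes
file-open events shaped like the IoCs in this report (device paths such as
\\??\\K:) and flags any process that opens the roots of several distinct
non-system drives within a short time window. The thresholds, the sample
events and the benign processes are constructed for illustration.
"""
import re
from collections import defaultdict

# Bare drive-root open as the sandbox reports it: \??\X: with an optional trailing backslash
DRIVE_ROOT_RE = re.compile(r"^\\\?\?\\([A-Za-z]):\\?$")

SYSTEM_DRIVE = "C"   # assumption: the default system drive, excluded as the signature text says
THRESHOLD = 3        # assumption: distinct non-system roots that trigger an alert
WINDOW_S = 10.0      # assumption: the opens must fall inside this many seconds


def parse_drive_letter(path):
    """Return the upper-case drive letter when `path` is a bare drive-root open, else None."""
    m = DRIVE_ROOT_RE.match(path)
    return m.group(1).upper() if m else None


def detect_drive_enumeration(events, threshold=THRESHOLD, window_s=WINDOW_S):
    """events: iterable of (timestamp_seconds, pid, process_name, path).

    Returns {pid: (process_name, sorted_drive_letters)} for every process that
    opened at least `threshold` distinct non-system drive roots inside one
    `window_s`-second window. Repeated opens of the same root count once.
    """
    opens_by_pid = defaultdict(list)   # pid -> [(ts, letter), ...]
    name_by_pid = {}
    for ts, pid, proc, path in events:
        letter = parse_drive_letter(path)
        if letter is None or letter == SYSTEM_DRIVE:
            continue                    # not a drive-root open, or the system drive
        opens_by_pid[pid].append((ts, letter))
        name_by_pid[pid] = proc

    hits = {}
    for pid, opens in opens_by_pid.items():
        opens.sort()                    # time order for the sliding window
        start = 0
        for end in range(len(opens)):
            while opens[end][0] - opens[start][0] > window_s:
                start += 1
            if len({letter for _, letter in opens[start:end + 1]}) >= threshold:
                hits[pid] = (name_by_pid[pid], sorted({letter for _, letter in opens}))
                break
    return hits


# Constructed events: pid 2660 mirrors the report's IoCs, the others are benign foils.
SAMPLE = "87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe"
SAMPLE_EVENTS = [
    (1.0, 2660, SAMPLE, r"\??\K:"),
    (1.1, 2660, SAMPLE, r"\??\M:"),
    (1.2, 2660, SAMPLE, r"\??\S:"),
    (1.3, 2660, SAMPLE, r"\??\W:"),
    (1.4, 2660, SAMPLE, r"\??\Z:"),
    (1.5, 2660, SAMPLE, r"\??\C:"),
    # hypothetical explorer.exe touching only the system drive and one data drive
    (2.0, 1234, "explorer.exe", r"\??\C:\Users\Admin"),
    (2.1, 1234, "explorer.exe", r"\??\C:"),
    (2.2, 1234, "explorer.exe", r"\??\D:"),
    # hypothetical backup job that reaches three drives, but minutes apart
    (5.0, 4321, "backup.exe", "\\??\\D:\\"),
    (100.0, 4321, "backup.exe", r"\??\E:"),
    (200.0, 4321, "backup.exe", r"\??\F:"),
]


def run_on_sample():
    """Run the detector over SAMPLE_EVENTS; only pid 2660 should be reported."""
    return detect_drive_enumeration(SAMPLE_EVENTS)


if __name__ == "__main__":
    for pid, (proc, letters) in run_on_sample().items():
        print(f"pid {pid} ({proc}) enumerated drives: {' '.join(letters)}")
```

The window matters as much as the count: a backup agent legitimately visits several drives over a long job, while the sample here walks the alphabet within the same second. Tuning `THRESHOLD` and `WINDOW_S` against your own telemetry is the practical step this sketch leaves to you.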
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 IoCs
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main
Process: 87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid: 2660  Process: 87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
-
Suspicious use of SetWindowsHookEx 4 IoCs
pid: 2660 (4 occurrences)  Process: 87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe"
- Enumerates connected drives
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2660
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Temp\87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exepack.tmp
Filesize: 2KB
MD5: a201e42881f69746cbbcfb145e78e79e
SHA1: 8a3344bb01bcf4c4c3472e5d69c845664fea1cdd
SHA256: b988461f71b0541e4a9aa0753299ee6eb09034d855b12106cae9964a221c5f6e
SHA512: 67e86010a873a42962038fcda91474efe2962023c4187e11f1a1d52dbb9637e144e1681f87a1125e7a681bf593a51a7ec26027f331268c744edf6e59d0e4946f
-
Filesize: 1KB
MD5: bc8b6919c8aa83bfeb099c4db51d452e
SHA1: 761949a84009396e2cd846a4062c4282a050dc25
SHA256: 3b884f28a5850f0701977b69b2ec372232531f6733852de11f21727853a83aaa
SHA512: f67b4f62a4d0faaa7d7deaeae3f67e224212aee3be2ddbca4d63cfdba5653aec43621aa137596fba49d5ad99a46d7c39b9d1e814dc424f09f5ff695150945c97
-
Filesize: 1KB
MD5: 0203c4f364e0e7f63d040021caaca02b
SHA1: e7284c3c6f8022e5f5fbd0c4eb6bba3ac9a21205
SHA256: 23cedca8efb4bdf2ee0b0992a18d6e8f27ca545f2ec7e43dfab57ab5972b9024
SHA512: f0305adddc833defd8d2c09c88855aa92829f2bf42556e08d9b8d913e7bc95c2cf67866b1a24e9c9c8193e6a6cb7cdbc1a362d13881ffb5b1261bc164aa66805