Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fcb948ec17...3a.exe

windows7-x64

7

fcb948ec17...3a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/09/2023, 07:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcb948ec171927142c0179d46eef69b55f47defc5f57e8daca9653a4ed44c23a.exe

  • Size

    73KB

  • MD5

    ef72ff06ffeef43bed91d8c8865f3239

  • SHA1

    0e4a72f5cf1636b7d2f75b0a80388f4349b2d23e

  • SHA256

    fcb948ec171927142c0179d46eef69b55f47defc5f57e8daca9653a4ed44c23a

  • SHA512

    a4c6f5fa8188760eb90d1d67e0e73871b33e726b30cf47ccd2d156644253acc414c67544a404db8a8df721cb66de05ba53f4e0fe3b6112dcc384eab3d0b9a888

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO:RshfSWHHNvoLqNwDDGw02eQmh0HjWO

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcb948ec171927142c0179d46eef69b55f47defc5f57e8daca9653a4ed44c23a.exe
    "C:\Users\Admin\AppData\Local\Temp\fcb948ec171927142c0179d46eef69b55f47defc5f57e8daca9653a4ed44c23a.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3116
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    83KB

    MD5

    d4a2a73558b4a75001a8b027914f694b

    SHA1

    62c4da5ccb64168ca2dbd3a46f4fe63b8a48f9d7

    SHA256

    6bf3f7c960e4c4ebdaca67f1d384e6428425cdffccd2533ce020dbcf44915a28

    SHA512

    34b23d91c0c969d731cba7da289e5a6f37d182d942bba9f7cc32c6e345d53d9091fefcf86e5cd98557a008e9e162fab666fb22fafcb1e465ad22dbe7efa2cf30

    Download Submit

  • C:\Windows\System\rundll32.exe
    Filesize

    76KB

    MD5

    bdaa810f85675464e622caaee2570946

    SHA1

    1f364ad6b5567be3a61c55f2118ff04256d2e329

    SHA256

    bf176a619df43465089affc403e89ea7ce2a937297645f904a4df4e358a6e88b

    SHA512

    e8ffeada70e523c1b03ab9a92bb76d06f628f518f1e0f82257483285025d90d2a3614a263ca9e3494d125b153da68bf98676c55fe51bf3711656ab2badfa3be3

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    76KB

    MD5

    bdaa810f85675464e622caaee2570946

    SHA1

    1f364ad6b5567be3a61c55f2118ff04256d2e329

    SHA256

    bf176a619df43465089affc403e89ea7ce2a937297645f904a4df4e358a6e88b

    SHA512

    e8ffeada70e523c1b03ab9a92bb76d06f628f518f1e0f82257483285025d90d2a3614a263ca9e3494d125b153da68bf98676c55fe51bf3711656ab2badfa3be3

    Download Submit

  • memory/2228-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/3116-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/3116-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download