Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

27e24a57c1...JC.exe

windows7-x64

7

27e24a57c1...JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2023, 18:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27e24a57c19574993ff9a68bbb605010_JC.exe

  • Size

    84KB

  • MD5

    27e24a57c19574993ff9a68bbb605010

  • SHA1

    2785b5a297e089e2696f3c4e866861806fb8520e

  • SHA256

    bd7a026af2a04de3e4b8ab669f8314c0b2ac97e19be2ad26dc9c40411617a9c3

  • SHA512

    2808ce749ed957c44c371a5b1b25c253750e8fc4000752da8ce41390c0dc631405d043bd761382f65adb5bd0cc59742534cdda0dfd80726a7325f8136a67fd44

  • SSDEEP

    768:JgO5xRYi+SQvvG5bnl/NqNwsKVDsBYD77aXKynF0v:eshQvoLqNwDDhCe

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27e24a57c19574993ff9a68bbb605010_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\27e24a57c19574993ff9a68bbb605010_JC.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    91KB

    MD5

    16ffb07629c9ebd0d86a7f53f254aa97

    SHA1

    f4f7c0b12eb8da83f67a9d5dfbc2cccdd1d7d7a8

    SHA256

    c75f6a56141456c2e272c513c521fa34e14f8c53699bdc52e91117c07fd65e51

    SHA512

    fd3a23c2819b4f72ea504ee4b21f3c9cb91797b4536c00edf7603893efb749b882f4de42d9f262e79480b1ea2cc9dfc40b29b65629c5479130686b76fe4ebfc0

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    89KB

    MD5

    fcf2692ad230ec54e18d32aa7520b245

    SHA1

    f64558b6de79e75ff5242c89cd0a26ea01799be2

    SHA256

    ffbb942fe51c9f98c0541a114e837b3339bd1b953f93064b3523b02b123f6636

    SHA512

    cf714979fa4b853a379da00d67f032f76badd27f6840d8aae3eee9b91a9dd06cce58de4a8fd96e5da5e00408c686347682ba64504e0ef911a853cb33cb0b4eab

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    89KB

    MD5

    fcf2692ad230ec54e18d32aa7520b245

    SHA1

    f64558b6de79e75ff5242c89cd0a26ea01799be2

    SHA256

    ffbb942fe51c9f98c0541a114e837b3339bd1b953f93064b3523b02b123f6636

    SHA512

    cf714979fa4b853a379da00d67f032f76badd27f6840d8aae3eee9b91a9dd06cce58de4a8fd96e5da5e00408c686347682ba64504e0ef911a853cb33cb0b4eab

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    89KB

    MD5

    fcf2692ad230ec54e18d32aa7520b245

    SHA1

    f64558b6de79e75ff5242c89cd0a26ea01799be2

    SHA256

    ffbb942fe51c9f98c0541a114e837b3339bd1b953f93064b3523b02b123f6636

    SHA512

    cf714979fa4b853a379da00d67f032f76badd27f6840d8aae3eee9b91a9dd06cce58de4a8fd96e5da5e00408c686347682ba64504e0ef911a853cb33cb0b4eab

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    89KB

    MD5

    fcf2692ad230ec54e18d32aa7520b245

    SHA1

    f64558b6de79e75ff5242c89cd0a26ea01799be2

    SHA256

    ffbb942fe51c9f98c0541a114e837b3339bd1b953f93064b3523b02b123f6636

    SHA512

    cf714979fa4b853a379da00d67f032f76badd27f6840d8aae3eee9b91a9dd06cce58de4a8fd96e5da5e00408c686347682ba64504e0ef911a853cb33cb0b4eab

    Download Submit

  • memory/552-19-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/552-22-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/552-23-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1736-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1736-17-0x0000000000240000-0x0000000000255000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1736-21-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1736-20-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download