Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/09/2023, 01:37

General

  • Target

    106f144755c3fa7a4889ac317843d5ba3e7032edad689423ee5c5a18ab1fd039.exe

  • Size

    80KB

  • MD5

    d73cc88a11454fcd647a25a0faa794d4

  • SHA1

    ce1c2f23c72bd538113f667c5be380e7adce03f6

  • SHA256

    106f144755c3fa7a4889ac317843d5ba3e7032edad689423ee5c5a18ab1fd039

  • SHA512

    0fbf04643d2fe256ab74036a6026ee9213f05d62e18552e39d168b8fc0660f47d00623bbb6a1e824960f6da7bcfeaf9b61990df22d84d94c44bffce73fa1a00b

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO6SSYS+Z4:GhfxHNIreQm+HiRSSYS+Z4

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\106f144755c3fa7a4889ac317843d5ba3e7032edad689423ee5c5a18ab1fd039.exe
    "C:\Users\Admin\AppData\Local\Temp\106f144755c3fa7a4889ac317843d5ba3e7032edad689423ee5c5a18ab1fd039.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4832

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    77KB

    MD5

    06f89fdbd0391e72bd2bee1abfa0159c

    SHA1

    de64ecccca9ece7f9b3b285a0f6cdab88561f79f

    SHA256

    24451551ad1c2d300430f516c5eb319741fb42feb4f252abd8dbf8ac88d0857b

    SHA512

    d76f4d3a923bf1a57b65c1809048b216816ed14d151516175e96722a2566a56a29be82a492e6bd22b3108429ebea368c0d8faa493144eac08190eae11c756b39

  • C:\Windows\System\rundll32.exe

    Filesize

    81KB

    MD5

    0ac4ff093ae538302f112c90916ff615

    SHA1

    df099a40190d13da6ec73654bd5ea2f3454ea2b9

    SHA256

    9389b591c0062d4d0551ccc339ceb74d1ae68d9ccc41d2ec0d82fbcb7f2aa0d6

    SHA512

    3be714fb9e3eec09f86b32aeda25ed8677a78db6f0339183877db7bc5f35c7446b8298d756744bcb8fd6224632567ba159db1b59dc807eaff8ae5ef7fcf0ba7e

  • C:\Windows\system\rundll32.exe

    Filesize

    81KB

    MD5

    0ac4ff093ae538302f112c90916ff615

    SHA1

    df099a40190d13da6ec73654bd5ea2f3454ea2b9

    SHA256

    9389b591c0062d4d0551ccc339ceb74d1ae68d9ccc41d2ec0d82fbcb7f2aa0d6

    SHA512

    3be714fb9e3eec09f86b32aeda25ed8677a78db6f0339183877db7bc5f35c7446b8298d756744bcb8fd6224632567ba159db1b59dc807eaff8ae5ef7fcf0ba7e

  • memory/220-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/220-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4832-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB