Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7a9632a18e...c9.exe

windows7-x64

7

7a9632a18e...c9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    23/09/2023, 07:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a9632a18ef967eb84cc087921f1c3a72e638959cbbd4454efb2d447420b05c9.exe

  • Size

    75KB

  • MD5

    3213a6b12ab6e858c29394b46b600714

  • SHA1

    e2867a66e24a661041cb6a6149b4fd6bec44feac

  • SHA256

    7a9632a18ef967eb84cc087921f1c3a72e638959cbbd4454efb2d447420b05c9

  • SHA512

    3cb34859ac5832797e135fadfc3b56a338c4c6743e5259d147cfd17502ed25c6ff47d21c01dde88043ce730c1270334e1784912e40a6af4185a9a573583f0990

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOeYh:GhfxHNIreQm+HiBYh

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a9632a18ef967eb84cc087921f1c3a72e638959cbbd4454efb2d447420b05c9.exe
    "C:\Users\Admin\AppData\Local\Temp\7a9632a18ef967eb84cc087921f1c3a72e638959cbbd4454efb2d447420b05c9.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    85KB

    MD5

    49d1627d15aab345684b65cbd7dd7675

    SHA1

    6e75e68099ff052a7e6e52948a50c57df5314422

    SHA256

    ff50493fc95a492ee20bd6c1933b9a6c25adad7b34f48a5bde7410024a235feb

    SHA512

    9d6c33320c4dc5748c65af6c55f49b3e7986feee591be8b8a0143d210486aa2c21fb3ceed859cc2e6f463efc1d8306c695fd127cf4a5bee8f385b0da765f4ff6

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    a991c7923c39e3c7f416c049ed2b9823

    SHA1

    1c0b5f8e77ec3f86f118d7b90f12e724ecd8ebba

    SHA256

    b52c52368fceeb7d519c4e803998a15a68c29d0c6e68437c216eee919843a5e2

    SHA512

    7eeec0f61e0fcc569b237ea2e02a6daa6c873ef293c1b4b64718af28ceaa02e4b30dce5609ac3c0d874ca98fc86ece315be98d4d44027fe264cb12d82349583d

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    a991c7923c39e3c7f416c049ed2b9823

    SHA1

    1c0b5f8e77ec3f86f118d7b90f12e724ecd8ebba

    SHA256

    b52c52368fceeb7d519c4e803998a15a68c29d0c6e68437c216eee919843a5e2

    SHA512

    7eeec0f61e0fcc569b237ea2e02a6daa6c873ef293c1b4b64718af28ceaa02e4b30dce5609ac3c0d874ca98fc86ece315be98d4d44027fe264cb12d82349583d

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    a991c7923c39e3c7f416c049ed2b9823

    SHA1

    1c0b5f8e77ec3f86f118d7b90f12e724ecd8ebba

    SHA256

    b52c52368fceeb7d519c4e803998a15a68c29d0c6e68437c216eee919843a5e2

    SHA512

    7eeec0f61e0fcc569b237ea2e02a6daa6c873ef293c1b4b64718af28ceaa02e4b30dce5609ac3c0d874ca98fc86ece315be98d4d44027fe264cb12d82349583d

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    a991c7923c39e3c7f416c049ed2b9823

    SHA1

    1c0b5f8e77ec3f86f118d7b90f12e724ecd8ebba

    SHA256

    b52c52368fceeb7d519c4e803998a15a68c29d0c6e68437c216eee919843a5e2

    SHA512

    7eeec0f61e0fcc569b237ea2e02a6daa6c873ef293c1b4b64718af28ceaa02e4b30dce5609ac3c0d874ca98fc86ece315be98d4d44027fe264cb12d82349583d

    Download Submit

  • memory/1732-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/1732-17-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1732-12-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1732-21-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1732-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2844-22-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download