Analysis

  • max time kernel: 150s
  • max time network: 152s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230915-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 11/10/2023, 22:23

General

  • Target: 04a88978fa3aa202f80e68a53bc5f9e6a7f7746862b5ccf9025aaebffb3cc0f1.exe
  • Size: 73KB
  • MD5: 1c3775989e03de799a62061ef7bb2321
  • SHA1: fdf0a1fe8d0080d1722251758ee394ef4c4aa008
  • SHA256: 04a88978fa3aa202f80e68a53bc5f9e6a7f7746862b5ccf9025aaebffb3cc0f1
  • SHA512: 279f3c4de2ff6d7790b2b9a5d4eba0cc1f57e7db90eeb5d1ee0ecdb786faecddeb18aa777e80a7dd1bff41c64898112d92371348dcd7f91e09c051b1eff2df7b
  • SSDEEP: 768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO:RshfSWHHNvoLqNwDDGw02eQmh0HjWO

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (28 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\04a88978fa3aa202f80e68a53bc5f9e6a7f7746862b5ccf9025aaebffb3cc0f1.exe (PID 1692, tree level 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\04a88978fa3aa202f80e68a53bc5f9e6a7f7746862b5ccf9025aaebffb3cc0f1.exe"
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system\rundll32.exe (PID 4980, tree level 2, child of PID 1692)
      Command line: C:\Windows\system\rundll32.exe
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize: 77KB
    MD5: ffde488a070a9838ecbe58d5aeab4d13
    SHA1: 07f9793a5cb83b9a3a1e227dccfe806087d48528
    SHA256: 4a87ef29aeaf7371c3d8df4b0fbe0c70d357463794401ff0618b7e4ea1d75bc5
    SHA512: 1862fcfcf655f639ea2dfb529f73a238e3bef60039eb04c6fe4b005949279b663a50e3d83dfff924ad362bf577570b7428b9c3e837cac8562fcac14c4b0e4f13

  • C:\Windows\System\rundll32.exe
    Filesize: 73KB
    MD5: 414d17b07c3ab0670453ed483e58d539
    SHA1: f7f4c3263bd2ea219f3259b6d9f3086ba470cbae
    SHA256: 75332355bc6931a408e172c722e3b3e6295929ac81ae0f31ede4ddcd77bef1d1
    SHA512: 8b6fc2122d607718df1c96254c5666ada5d1158fb21839c6b28da0552e3da094fa1848c8a16691072486a2c8974a34770a30d73a1b86e785f411b17f3abf9940

  • C:\Windows\system\rundll32.exe (same path as above, differing only in case; identical hashes)
    Filesize: 73KB
    MD5: 414d17b07c3ab0670453ed483e58d539
    SHA1: f7f4c3263bd2ea219f3259b6d9f3086ba470cbae
    SHA256: 75332355bc6931a408e172c722e3b3e6295929ac81ae0f31ede4ddcd77bef1d1
    SHA512: 8b6fc2122d607718df1c96254c5666ada5d1158fb21839c6b28da0552e3da094fa1848c8a16691072486a2c8974a34770a30d73a1b86e785f411b17f3abf9940

  • memory/1692-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/1692-13-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/4980-14-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB