Analysis

  • max time kernel
    153s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 19:18

General

  • Target

    fc38e751ed3a0812f868868a2b274a37818014c1d9f5db1a8d27c8e8c5dce832.exe

  • Size

    80KB

  • MD5

    ae75fec135157bda2b3d6ab83f730287

  • SHA1

    23605d82bd1351cd85b602ce86365584a175dd42

  • SHA256

    fc38e751ed3a0812f868868a2b274a37818014c1d9f5db1a8d27c8e8c5dce832

  • SHA512

    2fae9e929e887718dbdff559ad13d35c5d4d8b59c178d192ed94a8e53a07579f9b1e53567b47bdad7ccf3cc9f2b1849cf1cdaa57221167f1db2fcd1667e3e70b

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOjB+86wG:GhfxHNIreQm+HiKB+86wG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc38e751ed3a0812f868868a2b274a37818014c1d9f5db1a8d27c8e8c5dce832.exe
    "C:\Users\Admin\AppData\Local\Temp\fc38e751ed3a0812f868868a2b274a37818014c1d9f5db1a8d27c8e8c5dce832.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4916

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    73KB

    MD5

    d2c0dd76e05e3ed2106089468b2d65a2

    SHA1

    642967312de7e370e19515651b6cb460bec6e87e

    SHA256

    13cd0eb0d1b9065937173ff5e79f8b5088e0690d65e60d3782a491366697d2e3

    SHA512

    8e9c96fe25347aa869797e0ceba8adf0d74ad34a76a24e4fb9eb23dfdfe521b130802e3b2c8ee303f365b2bce51e70ff7bd211645c0c20b79a7ceba5d0dfc69a

  • C:\Windows\System\rundll32.exe

    Filesize

    80KB

    MD5

    774fbea7b169e79a5fc26f7be4315318

    SHA1

    4aee0edd0f07a139b25efcfe767c50adfc73dbc2

    SHA256

    0f9ec8119a5d63910404a411ee5363dccc98f633bc09103b4fcc34a794de697c

    SHA512

    a81995fa3aa9332c6b43f605e322be1b426cc5d8de492c4cfa3224b3c17b6e202d9c3e9b340cae68c8abf4a8762a1416c215525a54e5b845aba204edec01cbd0

  • C:\Windows\system\rundll32.exe

    Filesize

    80KB

    MD5

    774fbea7b169e79a5fc26f7be4315318

    SHA1

    4aee0edd0f07a139b25efcfe767c50adfc73dbc2

    SHA256

    0f9ec8119a5d63910404a411ee5363dccc98f633bc09103b4fcc34a794de697c

    SHA512

    a81995fa3aa9332c6b43f605e322be1b426cc5d8de492c4cfa3224b3c17b6e202d9c3e9b340cae68c8abf4a8762a1416c215525a54e5b845aba204edec01cbd0

  • memory/3032-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3032-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4916-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB