Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a7606b9015...56.exe

windows7-x64

7

a7606b9015...56.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7606b90150c139edc58a48cc71caba5380120a9720f32c521d16e1db0b63856.exe

  • Size

    75KB

  • MD5

    f7ee323c8a18c0ae0162bc55aa6d4795

  • SHA1

    32fe77851dbffb88aeec2de61549764a513cfbeb

  • SHA256

    a7606b90150c139edc58a48cc71caba5380120a9720f32c521d16e1db0b63856

  • SHA512

    9197be3716e75369ee61b437438092c8f6ce5abf7f6a093be22d6c6675dffb06a6abb5bce8bf6e1b85029b964a96a1840df9403ee543409bdf6da214a6e3223e

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOzF:RshfSWHHNvoLqNwDDGw02eQmh0HjWOzF

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7606b90150c139edc58a48cc71caba5380120a9720f32c521d16e1db0b63856.exe
    "C:\Users\Admin\AppData\Local\Temp\a7606b90150c139edc58a48cc71caba5380120a9720f32c521d16e1db0b63856.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3944
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    83KB

    MD5

    546001206f001fa179ccf8ac0dad15da

    SHA1

    2557285f919aedd582015cf0f84139d8f34ae4e4

    SHA256

    6c3037034276566dbbd8bcb9c79dc44a09906ce02f594ea7006323de8ce1230d

    SHA512

    27ca3c5c9392913f098ddfe71594525a68d6860aea1761f2823912f3aa1b35549ab6d5b479ff99edb5d688cd84968aee9373be1a5ff418f2e185856f3f35b584

    Download Submit

  • C:\Windows\System\rundll32.exe
    Filesize

    81KB

    MD5

    c8800fcc2b32f6eab072a62fa019cd20

    SHA1

    c54d7d42a5299c40eb47958698ed36cfa0d0ef0a

    SHA256

    da4d8486b365442933f97ec2841af126012cad419922fc66715048a38ef06a41

    SHA512

    8f70cab4e2b67840c98237ff25d1918bfb2c54f4374d9e06167e87edc149e4258412a5227c52363f7816428c6e1292c76485e52fcea12ffd54ddd8e5ecd92fca

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    81KB

    MD5

    c8800fcc2b32f6eab072a62fa019cd20

    SHA1

    c54d7d42a5299c40eb47958698ed36cfa0d0ef0a

    SHA256

    da4d8486b365442933f97ec2841af126012cad419922fc66715048a38ef06a41

    SHA512

    8f70cab4e2b67840c98237ff25d1918bfb2c54f4374d9e06167e87edc149e4258412a5227c52363f7816428c6e1292c76485e52fcea12ffd54ddd8e5ecd92fca

    Download Submit

  • memory/3944-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/3944-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/4680-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download