Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b7da9b80d0...8c.exe

windows7-x64

7

b7da9b80d0...8c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7da9b80d0cbe72dca79b2e5eec26d8c7329fcf47394bffb6d13fda39c95ff8c.exe

  • Size

    80KB

  • MD5

    af751f552eb2bdc941fa1c9c6da9b12f

  • SHA1

    241823daabcd3be14acd1e5989b8c51d0dee418c

  • SHA256

    b7da9b80d0cbe72dca79b2e5eec26d8c7329fcf47394bffb6d13fda39c95ff8c

  • SHA512

    ae373083385af78988973bb8deb18e0a4e60176d54797c989f293f837e1ff2ed03810079e34f37cec6d81b46964f6f894ba2167c419173713f747b7be5e88cf8

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOr0p9:GhfxHNIreQm+Hi40p9

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7da9b80d0cbe72dca79b2e5eec26d8c7329fcf47394bffb6d13fda39c95ff8c.exe
    "C:\Users\Admin\AppData\Local\Temp\b7da9b80d0cbe72dca79b2e5eec26d8c7329fcf47394bffb6d13fda39c95ff8c.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    76KB

    MD5

    dd97d7b198d35227d592330cf360139c

    SHA1

    be3cbf53bfcc54de0d2f78e85709460c5f05191d

    SHA256

    639e1a36f6ba632f1538d820eb389b5793a1411288f39fe90ebe17c1d85cdf72

    SHA512

    d4f09d77c5b77fc7a79491d794047dcfb90411d0004e212a3640ca6e311f9e79f8f218b8a25b158192e0ace0e164231d4261d0275186d318044901a18994e67a

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    75KB

    MD5

    b5ff3f01e95b5a070ca93f57c1278cc1

    SHA1

    b2f0a5a810d185324cc7a5ef193d0143c0ed8fe7

    SHA256

    6b5949f1cf2abafa1a332a37115dc34ee5c5c95d831cd8cbd739a22c8fe29240

    SHA512

    153dd340b2ef8e1c4cface584fdbae8bcc041784e2836ee56e8bd1d9b868df541c20c668150878f4c91a38179b176e17bb0a0174fbba410ac8ac2cbd9223687b

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    75KB

    MD5

    b5ff3f01e95b5a070ca93f57c1278cc1

    SHA1

    b2f0a5a810d185324cc7a5ef193d0143c0ed8fe7

    SHA256

    6b5949f1cf2abafa1a332a37115dc34ee5c5c95d831cd8cbd739a22c8fe29240

    SHA512

    153dd340b2ef8e1c4cface584fdbae8bcc041784e2836ee56e8bd1d9b868df541c20c668150878f4c91a38179b176e17bb0a0174fbba410ac8ac2cbd9223687b

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    75KB

    MD5

    b5ff3f01e95b5a070ca93f57c1278cc1

    SHA1

    b2f0a5a810d185324cc7a5ef193d0143c0ed8fe7

    SHA256

    6b5949f1cf2abafa1a332a37115dc34ee5c5c95d831cd8cbd739a22c8fe29240

    SHA512

    153dd340b2ef8e1c4cface584fdbae8bcc041784e2836ee56e8bd1d9b868df541c20c668150878f4c91a38179b176e17bb0a0174fbba410ac8ac2cbd9223687b

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    75KB

    MD5

    b5ff3f01e95b5a070ca93f57c1278cc1

    SHA1

    b2f0a5a810d185324cc7a5ef193d0143c0ed8fe7

    SHA256

    6b5949f1cf2abafa1a332a37115dc34ee5c5c95d831cd8cbd739a22c8fe29240

    SHA512

    153dd340b2ef8e1c4cface584fdbae8bcc041784e2836ee56e8bd1d9b868df541c20c668150878f4c91a38179b176e17bb0a0174fbba410ac8ac2cbd9223687b

    Download Submit

  • memory/2108-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2108-12-0x0000000000340000-0x0000000000356000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2108-17-0x0000000000340000-0x0000000000356000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2108-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2108-22-0x0000000000340000-0x0000000000346000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3008-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/3008-23-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download