Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 13:51

General

  • Target

    b7da9b80d0cbe72dca79b2e5eec26d8c7329fcf47394bffb6d13fda39c95ff8c.exe

  • Size

    80KB

  • MD5

    af751f552eb2bdc941fa1c9c6da9b12f

  • SHA1

    241823daabcd3be14acd1e5989b8c51d0dee418c

  • SHA256

    b7da9b80d0cbe72dca79b2e5eec26d8c7329fcf47394bffb6d13fda39c95ff8c

  • SHA512

    ae373083385af78988973bb8deb18e0a4e60176d54797c989f293f837e1ff2ed03810079e34f37cec6d81b46964f6f894ba2167c419173713f747b7be5e88cf8

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOr0p9:GhfxHNIreQm+Hi40p9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7da9b80d0cbe72dca79b2e5eec26d8c7329fcf47394bffb6d13fda39c95ff8c.exe
    "C:\Users\Admin\AppData\Local\Temp\b7da9b80d0cbe72dca79b2e5eec26d8c7329fcf47394bffb6d13fda39c95ff8c.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    73KB

    MD5

    daf685cd88ff11511590fe29b4757092

    SHA1

    53ad216acb80dabf8dce247785972460c0085f9b

    SHA256

    56e98a41fd813d4720c094234bfe2081734ee4688bae3e8c253e8caca8cc0f43

    SHA512

    5f752c32b0c0e78abc02d2f8118a9765d3e30ea7939d1e320ce08fb0568f337cf1a5fd3127123130126fd5b4efcb59056772a71b6572537ec4219bc35a504878

  • C:\Windows\System\rundll32.exe

    Filesize

    80KB

    MD5

    cffe73b8514ddd4db1605795bb4b4766

    SHA1

    04feeecf25603b5721dd2384e81572661a4fd8f7

    SHA256

    7682453dd2dfa3e5cabc7b4cc4f97269f12fa52886115d1a04a48aeceacc1ff0

    SHA512

    7ae643a26d1d22905fa68031c47842bd4c94d008d9503ea493a0749e3f048a48564f275a951af319201b2b9665427f8df17ebcc4b5b9dca350f73103dbe1efe2

  • C:\Windows\system\rundll32.exe

    Filesize

    80KB

    MD5

    cffe73b8514ddd4db1605795bb4b4766

    SHA1

    04feeecf25603b5721dd2384e81572661a4fd8f7

    SHA256

    7682453dd2dfa3e5cabc7b4cc4f97269f12fa52886115d1a04a48aeceacc1ff0

    SHA512

    7ae643a26d1d22905fa68031c47842bd4c94d008d9503ea493a0749e3f048a48564f275a951af319201b2b9665427f8df17ebcc4b5b9dca350f73103dbe1efe2

  • memory/1380-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1380-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2492-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB