Analysis

  • max time kernel
    161s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2023, 16:54

General

  • Target

    7c0f79dbc2b3afd454ce8da9d349a294e31cf1056ccfe716ab304be474a74ed5.exe

  • Size

    74KB

  • MD5

    d9a89b5c68b0f7cf4ff7cd64b8601a6d

  • SHA1

    2a101130d9e9e066c6c465699b13255ea38340f8

  • SHA256

    7c0f79dbc2b3afd454ce8da9d349a294e31cf1056ccfe716ab304be474a74ed5

  • SHA512

    39a8a792a9974d1be220d6325cd53c62a3b094b063b07aa9eeb32155a62128e225ecf5c45bdca9909239484e0106601a82d0c71e816af92c126db0cb53e2ec96

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOu3:RshfSWHHNvoLqNwDDGw02eQmh0HjWOu3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c0f79dbc2b3afd454ce8da9d349a294e31cf1056ccfe716ab304be474a74ed5.exe
    "C:\Users\Admin\AppData\Local\Temp\7c0f79dbc2b3afd454ce8da9d349a294e31cf1056ccfe716ab304be474a74ed5.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1708

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    78KB

    MD5

    b591c127aaecadd304b29b8df4d9364c

    SHA1

    f3e2bda48d74a573006a2c1fe782fe71ed6ada09

    SHA256

    240d2da3fdf9e41e01c86933646d12cc6c9175a8066ef48d4da75bdc5948a3b6

    SHA512

    14ee9b957068f0b113baa6b2d29df42d001f54bcfd265054a3cf302a8cd34e283627f8e50ac72f658d5fe4a8b6f56a2b2b51abb1c5c2a7e4ebff0ba1f415ea7c

  • C:\Windows\system\rundll32.exe

    Filesize

    74KB

    MD5

    5e989f2bb9abf8f83f359785c8f0cd12

    SHA1

    2c7004bd23c5b7ee18f1d81a7d881b231b44527b

    SHA256

    fcb26b481fd32665d4f4f6c56affc8654790cff9f15d33dc1e536f6c422f765c

    SHA512

    ee9bec8f2f3177eb1151d6d2cc29e65bd1b01c7b7815d60057c1bc989e8503473248ce9d56a3a99ec00639564ffd47dbfef25dfc5ba2377260bd294d01b4a363

  • \Windows\system\rundll32.exe

    Filesize

    74KB

    MD5

    5e989f2bb9abf8f83f359785c8f0cd12

    SHA1

    2c7004bd23c5b7ee18f1d81a7d881b231b44527b

    SHA256

    fcb26b481fd32665d4f4f6c56affc8654790cff9f15d33dc1e536f6c422f765c

    SHA512

    ee9bec8f2f3177eb1151d6d2cc29e65bd1b01c7b7815d60057c1bc989e8503473248ce9d56a3a99ec00639564ffd47dbfef25dfc5ba2377260bd294d01b4a363

  • memory/1708-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2232-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2232-12-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

  • memory/2232-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2232-20-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB