Analysis

  • max time kernel
    148s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/10/2023, 03:05

General

  • Target

    6317c55cac55fad2fee9a5e8ef9d6978ec680032d0f663c4e66b4bc67ee126b2.exe

  • Size

    11.4MB

  • MD5

    a727493db8fc9d62a7d442b9f8d6b270

  • SHA1

    8725622fb448707c1febaf30eb15ed71fbda38f5

  • SHA256

    6317c55cac55fad2fee9a5e8ef9d6978ec680032d0f663c4e66b4bc67ee126b2

  • SHA512

    cbf4c1b515c0de34e69046f5cade071c20dd86baa699a62d6c261647226290f84230e7fdb89d0e2288764817873e9df8d7b68eaed66b9ec05c0044906973564f

  • SSDEEP

    196608:+Quf04H7ZH8VrsEyi80+gwLgS2GGuYJV+:wf0qIp0gI2eYO

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Runs ping.exe (1 TTP, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (3 IoCs)
  • Suspicious behavior: RenamesItself (2 IoCs)
  • Suspicious use of FindShellTrayWindow (9 IoCs)
  • Suspicious use of SendNotifyMessage (9 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (30 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\6317c55cac55fad2fee9a5e8ef9d6978ec680032d0f663c4e66b4bc67ee126b2.exe
    "C:\Users\Admin\AppData\Local\Temp\6317c55cac55fad2fee9a5e8ef9d6978ec680032d0f663c4e66b4bc67ee126b2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\update.bat
      2⤵
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:2444
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 1 -w 1500
        3⤵
        • Runs ping.exe
        PID:2552
      • C:\Users\Admin\AppData\Local\Temp\6317c55cac55fad2fee9a5e8ef9d6978ec680032d0f663c4e66b4bc67ee126b2.exe
        C:\Users\Admin\AppData\Local\Temp\6317c55cac55fad2fee9a5e8ef9d6978ec680032d0f663c4e66b4bc67ee126b2.exe
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1680
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\update.bat
          4⤵
          • Suspicious behavior: RenamesItself
          • Suspicious use of WriteProcessMemory
          PID:2820
          • C:\Windows\SysWOW64\PING.EXE
            ping 1.1.1.1 -n 1 -w 1500
            5⤵
            • Runs ping.exe
            PID:2868
          • C:\Users\Admin\AppData\Local\Temp\6317c55cac55fad2fee9a5e8ef9d6978ec680032d0f663c4e66b4bc67ee126b2.exe
            C:\Users\Admin\AppData\Local\Temp\6317c55cac55fad2fee9a5e8ef9d6978ec680032d0f663c4e66b4bc67ee126b2.exe
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            PID:1808

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\update.bat

    Filesize

    290B

    MD5

    46ab15e576752208d8383ab85f7a3728

    SHA1

    27124a0af2eb7efc3adf38a4db21bc9f406ff04c

    SHA256

    100048ec218b8438089c51d84ca4ef0642d2e539488a7746bb028a100d58d5e6

    SHA512

    5c07bba38f7aa35ea13630ea65164b9ffcc1bab0715cb91a5b94676689d4df69fbad59a729ec2a38cd494a88464d1840edf70d52452e00520f856dfaf8abe99f