Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 117s
- max time network: 130s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 15/10/2023, 19:06
Static task: static1
Behavioral task: behavioral1
- Sample: 2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: 2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe
- Resource: win10v2004-20230915-en
General
- Target: 2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe
- Size: 329KB
- MD5: 2d49b15c5bca65111fd6c45e56eb92d0
- SHA1: 38ce1da809552ffd1d4557c1b85e66944690716d
- SHA256: 30cdb77e8ec407b839feecd91d628083c6f6512f5e9ed45e9ba6a913ccf2cfa7
- SHA512: afb0d5f39f17ab1a851699cc9bb2ca22950e219d65102173bc59fe1b6e29e68a6b86d93a0cc37a1c1b1a97585f72e64ef89d22c067537e19cc1bd1eb92d82866
- SSDEEP: 6144:dFZOSgIhBBQERJpJBQHEJVLiRz96fUjt7vVOGhDRfFYnOOkw5:Lo4vQ4JWHLz96uvV5bqnOOf
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  pid 3008, process aaacbzj.exe
- Drops file in Program Files directory (2 IoCs)
  File created: C:\PROGRA~3\Mozilla\aaacbzj.exe (by 2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe)
  File created: C:\PROGRA~3\Mozilla\epqxpia.dll (by aaacbzj.exe)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2948 wrote to memory of 3008; pid 2948, process taskeng.exe, procid_target 29 (4 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe (PID 1704, depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe"
  - Drops file in Program Files directory
- C:\Windows\system32\taskeng.exe (PID 2948, depth 1)
  command line: taskeng.exe {0704FC15-B9CC-4964-957A-4A36AAC32AFD} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\aaacbzj.exe (PID 3008, depth 2, child of PID 2948)
    command line: C:\PROGRA~3\Mozilla\aaacbzj.exe -uzlnuvg
    - Executes dropped EXE
    - Drops file in Program Files directory
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 329KB
  MD5: 049260e57438785d0fa77bb8659d9f72
  SHA1: ee88b0399fc600058f4d55a3154e696740b721f7
  SHA256: 7764dc8d94884734da004160da42e1cee02fe536fd25cbfb5ea8afe86c76a798
  SHA512: d8f3e85e249a7671b6c43eb566f2424a97e3cd31100bfcffce4d1613c36821217e3ebc8e3441961da6a26164742561b628f214e7499e83e7b473d30e47274abf