Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2d49b15c5b...JC.exe

windows7-x64

8

2d49b15c5b...JC.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    15/10/2023, 19:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe

  • Size

    329KB

  • MD5

    2d49b15c5bca65111fd6c45e56eb92d0

  • SHA1

    38ce1da809552ffd1d4557c1b85e66944690716d

  • SHA256

    30cdb77e8ec407b839feecd91d628083c6f6512f5e9ed45e9ba6a913ccf2cfa7

  • SHA512

    afb0d5f39f17ab1a851699cc9bb2ca22950e219d65102173bc59fe1b6e29e68a6b86d93a0cc37a1c1b1a97585f72e64ef89d22c067537e19cc1bd1eb92d82866

  • SSDEEP

    6144:dFZOSgIhBBQERJpJBQHEJVLiRz96fUjt7vVOGhDRfFYnOOkw5:Lo4vQ4JWHLz96uvV5bqnOOf

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2d49b15c5bca65111fd6c45e56eb92d0_exe32_JC.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1704
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {0704FC15-B9CC-4964-957A-4A36AAC32AFD} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\PROGRA~3\Mozilla\aaacbzj.exe
      C:\PROGRA~3\Mozilla\aaacbzj.exe -uzlnuvg
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\aaacbzj.exe
    Filesize

    329KB

    MD5

    049260e57438785d0fa77bb8659d9f72

    SHA1

    ee88b0399fc600058f4d55a3154e696740b721f7

    SHA256

    7764dc8d94884734da004160da42e1cee02fe536fd25cbfb5ea8afe86c76a798

    SHA512

    d8f3e85e249a7671b6c43eb566f2424a97e3cd31100bfcffce4d1613c36821217e3ebc8e3441961da6a26164742561b628f214e7499e83e7b473d30e47274abf

    Download Submit

  • C:\PROGRA~3\Mozilla\aaacbzj.exe
    Filesize

    329KB

    MD5

    049260e57438785d0fa77bb8659d9f72

    SHA1

    ee88b0399fc600058f4d55a3154e696740b721f7

    SHA256

    7764dc8d94884734da004160da42e1cee02fe536fd25cbfb5ea8afe86c76a798

    SHA512

    d8f3e85e249a7671b6c43eb566f2424a97e3cd31100bfcffce4d1613c36821217e3ebc8e3441961da6a26164742561b628f214e7499e83e7b473d30e47274abf

    Download Submit

  • memory/1704-0-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/1704-1-0x0000000000220000-0x000000000027B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1704-7-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3008-10-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3008-11-0x00000000002E0000-0x000000000033B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/3008-17-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download