Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
15/10/2023, 19:42
General
-
Target
aa56ab41ce654f992662484f13a7fc80_exe32.exe
-
Size
19KB
-
MD5
aa56ab41ce654f992662484f13a7fc80
-
SHA1
b2f068033bee68608773dbf41a7a24a9e1773877
-
SHA256
bff4f0d2bbc300897e337678afc5bc992e34e400b11dcb8529066e0a000a1919
-
SHA512
c8e18d98ea352cbed2bc2b3bb61a829166cb25628eea02973625053353a072f379a061f26c6b16ab83fa6531a0829931396bdca1ff4c84788f30d6a459c254e2
-
SSDEEP
384:y6l3OmWqRRsHESTnJEkZAnoAO218NHdyTsvMfU:yK3wESTWOO8NHdRvyU
Malware Config
Signatures
-
Adds policy Run key to start application 2 TTPs 4 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aa56ab41ce654f992662484f13a7fc80_exe32.exe"C:\Users\Admin\AppData\Local\Temp\aa56ab41ce654f992662484f13a7fc80_exe32.exe"1⤵
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD5e8d645a287d5fd7abc05701b0ce35c83
SHA1ba53dd42afc884bbec94c303428a4b1022abaae2
SHA256223c1d38014eb92db065d5fb57f0dfdbf8c1300c81fbc209b059b5d1585d6c61
SHA5125670ce12292c0cad3ffbbed2679c87b263e23c488e5082e0aa1f04cb72fb6aa7e7eab1a20d841f9dcec26ee8def5226fe1bc6f560acc23b803b61ee2841b9855
-
Filesize
40KB
-
Filesize
40KB