Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b9dc1e5800...85.exe

windows7-x64

7

b9dc1e5800...85.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    12/11/2023, 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9dc1e58009bd04353c3d9ec524578ace60d0dd49709b356c36c969c3b787485.exe

  • Size

    81KB

  • MD5

    7833a4ae985c56c64bb62456b4cbda71

  • SHA1

    cf320643e8c48cf753fc8c4992526625e1c086c6

  • SHA256

    b9dc1e58009bd04353c3d9ec524578ace60d0dd49709b356c36c969c3b787485

  • SHA512

    e5edcc105922a6774d3d5153dc72a714ec66af98e65b8e5e9a32f98f29f9a4c1fb5018e27d3b8e9f36d31de50b214d97eac1b85ff1eb1978e7ef9702b5bab604

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOoA1cfYf9:GhfxHNIreQm+HiXA1cfYf9

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9dc1e58009bd04353c3d9ec524578ace60d0dd49709b356c36c969c3b787485.exe
    "C:\Users\Admin\AppData\Local\Temp\b9dc1e58009bd04353c3d9ec524578ace60d0dd49709b356c36c969c3b787485.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    78KB

    MD5

    795794cb666c87e81396cb7de6c6b8c5

    SHA1

    699d92173c4c4c043deb820abcccb171ab53b28e

    SHA256

    56bed55f552c151f1b77f639171edf45f0aa5b890a79c27a2bb6f24fa5fd847f

    SHA512

    1d3701be68769a1a921dcb316b30b4c21d0699d822fce11bf27a5f32958159bb512e0e5a0213b9015cf8323885e63d8bd95ad1877d192d4e93069d7850fe3e53

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    80KB

    MD5

    17e6f86e4a81d5b9d5e3c8d2069bb942

    SHA1

    0685bb8d2e07e9166d117bdf4a8a6871494e5fb2

    SHA256

    775670ef0630c4982965382da287cbbaad8f2cef51156c5bcbc9889bf74fe152

    SHA512

    658874a2b1054a2ba53b923d404a057fbed719f19713b5966ecad10ddfa6f2108a5f0e9f85dd5cfbab90828273bc05dab0714e547674e9a7560836878634289e

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    80KB

    MD5

    17e6f86e4a81d5b9d5e3c8d2069bb942

    SHA1

    0685bb8d2e07e9166d117bdf4a8a6871494e5fb2

    SHA256

    775670ef0630c4982965382da287cbbaad8f2cef51156c5bcbc9889bf74fe152

    SHA512

    658874a2b1054a2ba53b923d404a057fbed719f19713b5966ecad10ddfa6f2108a5f0e9f85dd5cfbab90828273bc05dab0714e547674e9a7560836878634289e

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    80KB

    MD5

    17e6f86e4a81d5b9d5e3c8d2069bb942

    SHA1

    0685bb8d2e07e9166d117bdf4a8a6871494e5fb2

    SHA256

    775670ef0630c4982965382da287cbbaad8f2cef51156c5bcbc9889bf74fe152

    SHA512

    658874a2b1054a2ba53b923d404a057fbed719f19713b5966ecad10ddfa6f2108a5f0e9f85dd5cfbab90828273bc05dab0714e547674e9a7560836878634289e

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    80KB

    MD5

    17e6f86e4a81d5b9d5e3c8d2069bb942

    SHA1

    0685bb8d2e07e9166d117bdf4a8a6871494e5fb2

    SHA256

    775670ef0630c4982965382da287cbbaad8f2cef51156c5bcbc9889bf74fe152

    SHA512

    658874a2b1054a2ba53b923d404a057fbed719f19713b5966ecad10ddfa6f2108a5f0e9f85dd5cfbab90828273bc05dab0714e547674e9a7560836878634289e

    Download Submit

  • memory/2296-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2296-12-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2296-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2296-21-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2336-18-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download