
Analysis

  • max time kernel: 131s
  • max time network: 37s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted: 24/12/2023, 19:32

General

  • Target: 0dc2c68ba1d6479092565143803ca30f.exe
  • Size: 24.0MB
  • MD5: 0dc2c68ba1d6479092565143803ca30f
  • SHA1: 06a47fb3ecf052c8c255dc8dc729151d14ca623b
  • SHA256: 03cc85fee1f7601917ed807996281321f6ef8c9bedb29d5a2148cdb3d8b1dde4
  • SHA512: 51a23ff0e194a74d3901cbaf7a0f44d36e81d7d23dce07ce82d27eae44893bfc5591bb1395bc251e344c7986c17971d3962aef56ca73a35f45d594bd2ad2aa96
  • SSDEEP: 393216:CvTIpUq7xHR7Xv2tg/cbN3F2xKN6TNTXdTOAde851z5WL286X2rXYxtEm:KJq10tQcbN3FbUhNXpH2pK

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry (2 TTPs, 3 IoCs)
  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0dc2c68ba1d6479092565143803ca30f.exe
    "C:\Users\Admin\AppData\Local\Temp\0dc2c68ba1d6479092565143803ca30f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\ProgramData\NEHNEH\svchost.exe
      C:\ProgramData\NEHNEH\svchost.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      PID:2852
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\0dc2c68ba1d6479092565143803ca30f.exe"
      2⤵
      • Deletes itself
      PID:2848

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\NEHNEH\svchost.exe
    Filesize: 8.1MB
    MD5: f106b91c3773fa1159da5ed4fc1ddab9
    SHA1: 2848e2b150fbde93aae88a1ae66fa02d2b66ece7
    SHA256: ce2612da259be542a7d628b00a5ed8d6595a4b1a2c1ce7d1e68e5448c3075bc9
    SHA512: 4d03320deae61fab8efd21d16ecca0685cb0cc5e46cd916790a18a157d22b1a8b0d597b2c2fc1181f02666f7fd9c3722c6e746198e5f479ee4a108597d6b11c3

  • C:\ProgramData\NEHNEH\svchost.exe
    Filesize: 7.8MB
    MD5: e3a2ce41071e5f937a1b2dee9473807c
    SHA1: 57b6988ff877c78f65df9cb2e005714ebbb4de23
    SHA256: 4dbbe68850bf6a9ae173cdda760f8888736c03ed70d55fbe8e43e6b4f28442d9
    SHA512: 69b8d814b33d9b7a0ad79ac4872eca3d3cf8c6c67409e1d3c4c91dc2feebdd68d731c92553ccc0e0deb92a4f0a283551da6a1618c268b68d3098dd9f926d6b88

  • \ProgramData\NEHNEH\svchost.exe
    Filesize: 5.5MB
    MD5: a3e000b83d36abf9df0ebeee835988a8
    SHA1: 525a207887f151d45b6af6d3c3e7c4349951aae8
    SHA256: bee383710e8f0ac35f03fdc1c8258fd5cb5878362723d2f6449ffeaf49e16e05
    SHA512: bd9160f0adb572df149b1fefe4cbcceb03046ea32cab1234d9a16682286ca2007f19546328020c80f9cde2b4aaee471f31bc573d22858f1a427004fc53f2c28d

  • \ProgramData\NEHNEH\svchost.exe
    Filesize: 5.3MB
    MD5: dab3043e7fd6e3e318d4b7ab518b0c05
    SHA1: e4e50ecea091e8f86504fa9a95e68a01c5af026a
    SHA256: 070748f48589e578451603d7fe4584021a93f629c8794d5d687f248f49aefcaf
    SHA512: c9a98c382fd6339567c54da4cf8fd9b2091e893b408117db413cd964473659aed4967e2a17c25434f0af122504164f27ec81e1a3d89a7c3ac9c842582f7975a4