Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 09:45

General

  • Target

    150a6c905e098eeaa975b6a9afb022c0.exe

  • Size

    129KB

  • MD5

    150a6c905e098eeaa975b6a9afb022c0

  • SHA1

    1c2c31b092285c37a6008077131d4acb3ca21b7b

  • SHA256

    e810fabfd32516a7c463115e83591e88581041f514681272f78e207032c6f9e6

  • SHA512

    15d089dc683ab48f68c63bdd269fc0d8b0490416d6b80cd86d56289a322e5133035c057dc061b8bc4bfb6d2f424d7de86a8a557610a47a80aa24e4f518ed3153

  • SSDEEP

    3072:gimU5U+ASQRKNJa8EfwdUxZBM7067a+i8NY45sx:gnMASQyJanRBM7Zi8Nhs

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\150a6c905e098eeaa975b6a9afb022c0.exe
    "C:\Users\Admin\AppData\Local\Temp\150a6c905e098eeaa975b6a9afb022c0.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1840
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {5515B23D-8CF6-4CDC-BA7E-FFD831D01CFC} S-1-5-21-3470981204-343661084-3367201002-1000:GLTGRJAG\Admin:Interactive:[1]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Users\Admin\AppData\Local\Temp\150a6c905e098eeaa975b6a9afb022c0.exe
      C:\Users\Admin\AppData\Local\Temp\150a6c905e098eeaa975b6a9afb022c0.exe
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2124

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Twain001.Mtx

    Filesize

    2B

    MD5

    309fc7d3bc53bb63ac42e359260ac740

    SHA1

    2064f80f811db79a33c4e51c10221454e30c74ae

    SHA256

    ac11339ffa8f270c4f781e0a3922bb1c80d9dee6e4b6911ca34538ed9ae03caa

    SHA512

    77dd27d30f4e13a0bcd6fd27ae7567c136d87393e5ee632bccf05b0a0d2bbcc2fc0fd777a8508e26cc4fc579c8da0ab56b7bf179b1adc70f28f7d0eee89fa5f8

  • memory/1840-2-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/1840-1-0x0000000000270000-0x0000000000295000-memory.dmp

    Filesize

    148KB

  • memory/1840-35443-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/1840-35444-0x0000000072350000-0x00000000733B2000-memory.dmp

    Filesize

    16.4MB

  • memory/1840-35445-0x0000000072350000-0x00000000733B2000-memory.dmp

    Filesize

    16.4MB

  • memory/1840-35449-0x0000000002E70000-0x0000000002E71000-memory.dmp

    Filesize

    4KB

  • memory/1840-35448-0x0000000002710000-0x0000000002714000-memory.dmp

    Filesize

    16KB

  • memory/1840-35450-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2124-35457-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/2124-35458-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB