Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
5s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
25/12/2023, 16:14
General
-
Target
2c4468631a1f46fb0796e3f3fbcf4781.exe
-
Size
180KB
-
MD5
2c4468631a1f46fb0796e3f3fbcf4781
-
SHA1
1ec1ab16aff3096333b74cadee7806360e93c310
-
SHA256
791039c1867b6bf11364348554c27218c6ad4f10e9bdc2fd0a61c79677a1ac01
-
SHA512
c96c54304327ed2d6d909d5fa6f2ad47ff0d53568e8c3d356b73e22dd05448874edb33e3eb508d458456c6465230b325f9bb2588d6912c02ab3d8e5cbf84997c
-
SSDEEP
1536:9zKIw99C4YUUTq2Q/hZx7vkrkx/xBEWM:oncrkx/xHM
Score
10/10
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2c4468631a1f46fb0796e3f3fbcf4781.exe"C:\Users\Admin\AppData\Local\Temp\2c4468631a1f46fb0796e3f3fbcf4781.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\znqour.exe"C:\Users\Admin\znqour.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-