Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    5s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 16:21 UTC

General

  • Target

    2caf18c5e952b4770992137c65b3c7eb.exe

  • Size

    2.2MB

  • MD5

    2caf18c5e952b4770992137c65b3c7eb

  • SHA1

    623d211f113d1c556006f6a6000474cdd034467a

  • SHA256

    e910213e91de17837384e5d5aa33c4b5f9eb2eede152ffedfc86d40b231f71e9

  • SHA512

    e6bb10e9aed8b358ac51061a9995dc695d66318902ef25fcdfe317a6d15f24dded47d1df7177df1e33bdadfd3f6c179acdfb0a2706774aac66d41e60b02199ca

  • SSDEEP

    49152:OCyNN+VYY6DL9GZjY2yVSgPIf+kDYdVQxot+j1AdPn6fZ80Es:OCyNN+Ps9YSVPs+6VxYA46Rn

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry (2 TTPs, 1 IoC)

    BIOS information is often read in order to detect sandboxing environments. The usual targets are the SystemBiosVersion, SystemBiosDate and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System, which on a virtual machine carry hypervisor strings (VBOX, VMware, BOCHS/QEMU, Xen). The specific value read by this sample is not listed in this excerpt.

  • Suspicious use of SetWindowsHookEx (4 IoCs)

    SetWindowsHookEx installs a Windows message hook. Keyboard and mouse hooks (WH_KEYBOARD, WH_KEYBOARD_LL, WH_MOUSE_LL), in particular global ones installed with a thread ID of 0, are the common keylogging pattern. The four matching calls are not listed in this excerpt.
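The two signatures above are matched against hooked API calls. The following is an added example of how such rules can be expressed, written for this page and not tria.ge's own signature code: it runs over a constructed API trace (the per-call dict format, the field names and the sample PID/thread values are assumptions) and returns the IoCs each rule would report.

```python
import re

# Registry key and values commonly read to fingerprint a VM or sandbox.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"SystemBiosVersion", "SystemBiosDate", "VideoBiosVersion"}

# Hook type constants from winuser.h.
WH_KEYBOARD, WH_KEYBOARD_LL, WH_MOUSE_LL = 2, 13, 14
SUSPICIOUS_HOOKS = {WH_KEYBOARD, WH_KEYBOARD_LL, WH_MOUSE_LL}

# Constructed API trace in an assumed record format (one dict per hooked call);
# not taken from the report above.
SAMPLE_TRACE = [
    {"pid": 2212, "api": "RegOpenKeyExW",
     "key": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System"},
    {"pid": 2212, "api": "RegQueryValueExW",
     "key": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"},
    {"pid": 2212, "api": "RegQueryValueExW",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "value": "ProductName"},
    {"pid": 2212, "api": "SetWindowsHookExW", "hook_type": WH_KEYBOARD_LL, "thread_id": 0},
    {"pid": 2212, "api": "SetWindowsHookExW", "hook_type": 7, "thread_id": 1484},  # WH_MOUSE on one thread
]


def _norm_key(key):
    """Make HKEY_LOCAL_MACHINE\\... and HKLM\\... compare equal, case-insensitively."""
    key = re.sub(r"^HKEY_LOCAL_MACHINE", "HKLM", key, flags=re.IGNORECASE)
    return key.rstrip("\\").lower()


def checks_bios_in_registry(trace):
    """IoCs for 'Checks BIOS information in registry': (pid, value) per matching read."""
    hits = []
    for call in trace:
        if call.get("api") not in ("RegQueryValueExA", "RegQueryValueExW", "NtQueryValueKey"):
            continue
        if _norm_key(call.get("key", "")) == BIOS_KEY.lower() and call.get("value") in BIOS_VALUES:
            hits.append((call["pid"], call["value"]))
    return hits


def suspicious_setwindowshookex(trace):
    """IoCs for 'Suspicious use of SetWindowsHookEx': (pid, hook_type, is_global) per hook."""
    hits = []
    for call in trace:
        if not str(call.get("api", "")).startswith("SetWindowsHookEx"):
            continue
        if call.get("hook_type") in SUSPICIOUS_HOOKS:
            # thread_id == 0 means the hook applies to every thread on the desktop.
            hits.append((call["pid"], call["hook_type"], call.get("thread_id") == 0))
    return hits


def run_signatures(trace):
    """Signature name -> IoC count, the shape the Signatures section summarises."""
    return {
        "Checks BIOS information in registry": len(checks_bios_in_registry(trace)),
        "Suspicious use of SetWindowsHookEx": len(suspicious_setwindowshookex(trace)),
    }


if __name__ == "__main__":
    for name, count in run_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {count} IoC(s)")
```

The BIOS rule deliberately ignores the RegOpenKeyEx call and the unrelated ProductName read, and the hook rule ignores the thread-local WH_MOUSE hook, so a benign program that opens the key without reading the BIOS values, or hooks only its own window, produces no IoC.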

Processes

  • C:\Users\Admin\AppData\Local\Temp\2caf18c5e952b4770992137c65b3c7eb.exe (PID 2212)
    Command line: "C:\Users\Admin\AppData\Local\Temp\2caf18c5e952b4770992137c65b3c7eb.exe"
    • Checks BIOS information in registry
    • Suspicious use of SetWindowsHookEx

Network

  • DNS lookup by 2caf18c5e952b4770992137c65b3c7eb.exe
    Remote address: 8.8.8.8:53 (US)
    Request: www.nnnwg.com IN A
    Response: no results found

  • 8.8.8.8:53  www.nnnwg.com  dns  2caf18c5e952b4770992137c65b3c7eb.exe
    Sent: 59 B (1 packet)
    Received: 132 B (1 packet)
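The 59 B sent figure can be reconciled with the request shown. As an added example (not part of the report), the block below builds the bare A query for www.nnnwg.com on the wire, parses it back, and adds the IPv4 and UDP header sizes; the assumption that the report's byte counts include those headers is the author's, as is the transaction ID.

```python
import struct

IPV4_HEADER = 20  # IPv4 header without options
UDP_HEADER = 8


def encode_qname(name):
    """Encode a hostname as DNS labels: one length byte per label, terminated by 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_a_query(name, txid=0x1234):
    """Plain recursive A query: 12-byte header, one question, no EDNS0 OPT record."""
    # flags 0x0100 = QR 0 (query), opcode 0, RD 1; QDCOUNT 1, other counts 0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_qname(name) + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN
    return header + question


def parse_query(packet):
    """Decode header and question of a DNS query (enough for a captured request)."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", packet[:12])
    pos, labels = 12, []
    while True:
        n = packet[pos]
        pos += 1
        if n == 0:
            break
        labels.append(packet[pos:pos + n].decode("ascii"))
        pos += n
    qtype, qclass = struct.unpack(">HH", packet[pos:pos + 4])
    return {
        "txid": txid,
        "recursion_desired": bool(flags & 0x0100),
        "qname": ".".join(labels),
        "qtype": qtype,
        "qclass": qclass,
        "has_edns": ar > 0,  # an OPT record would sit in the additional section
    }


def wire_size(name):
    """Bytes on the wire for the query, as a sandbox counting IP+UDP+payload would see it."""
    return IPV4_HEADER + UDP_HEADER + len(build_a_query(name))


if __name__ == "__main__":
    pkt = build_a_query("www.nnnwg.com")
    print(len(pkt), "B DNS payload,", wire_size("www.nnnwg.com"), "B on the wire")
    print(parse_query(pkt))
```

For www.nnnwg.com the name encodes to 15 bytes, the question to 19 and the whole message to 31, so 20 + 8 + 31 = 59 B exactly matches the report: a single A query with no EDNS0 OPT record. The 132 B reply leaves 104 B of DNS payload, more than an empty answer; negative responses normally carry the zone's SOA in the authority section, which fits the "no results found" response.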

MITRE ATT&CK Enterprise v15


Downloads

  All 21 dumps are snapshots of the same region of PID 2212, 0x0000000000400000-0x0000000000710000 (0x400000 is the default image base of a 32-bit PE), each 3.1MB:

  • memory/2212-0-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-3-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-4-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-6-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-7-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-2-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-1-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-16-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-24-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-25-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-26-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-27-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-28-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-29-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-31-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-30-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-32-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-33-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-34-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-35-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
  • memory/2212-36-0x0000000000400000-0x0000000000710000-memory.dmp (3.1MB)
