
Analysis

  • max time kernel
    126s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 12:49

General

  • Target

    6fba7888b5fe2adca580c376056bb8bf.exe

  • Size

    313KB

  • MD5

    6fba7888b5fe2adca580c376056bb8bf

  • SHA1

    ee26cb74f31aba1fef682a524de52230aa3a5b40

  • SHA256

    153c4ebfcd9ec2425ec4faa17e97c53fc33d7b35269911f5c4e8b731128f3a24

  • SHA512

    b0f1a693c5fcc5bc293648666a8a7f2f28fc6d6434c68cc159fe962c8af4c0dde4340aba2811d494a3f6cca10d645f3b9d923eda02b5aa38612012249a8629e1

  • SSDEEP

    6144:nrK9uEo2S1YnQmCX492DkwNP3qpYFtcM7dZssr+Ixf6LuDTKD2ay9KGYG0LG:nryu6/eIo4vMResyEf0uP9d9UG0G

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
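
The two registry-based signatures above (Uninstall key lookup, drive mapping via the registry) can be reproduced outside the sandbox from a Procmon CSV export of the same process. The Python below is an added example and is not part of the Triage report or its rule source; the registry paths it keys on (the CurrentVersion\Uninstall keys and Services\Disk\Enum), the hypervisor marker strings, and the Procmon log lines are all assumptions and constructed data chosen to match the signature descriptions.

```python
import csv
import io
import re

# Registry locations matched by the two signatures. Assumption: these are the
# keys the report's descriptions refer to; Triage's own rule source is not shown.
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)
DISK_ENUM_KEY_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet00\d)\\Services\\Disk\\Enum(\\|$)",
    re.IGNORECASE,
)
# Vendor substrings that appear in Disk\Enum hardware IDs on common hypervisors
# (assumption: a watch-list, not an exhaustive one).
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL", "XEN")
# Procmon operations that read or enumerate registry data.
REG_READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

SIG_SOFTWARE = "Checks installed software on the system"
SIG_DRIVES = "Maps connected drives based on registry"


def classify_event(operation, path):
    """Map one Procmon event to the signature it satisfies, or None."""
    if operation not in REG_READ_OPS:
        return None
    if UNINSTALL_KEY_RE.search(path):
        return SIG_SOFTWARE
    if DISK_ENUM_KEY_RE.search(path):
        return SIG_DRIVES
    return None


def analyze(procmon_csv):
    """Count signature hits per PID and collect hypervisor strings read from Disk\\Enum.

    Returns (hits, vm_indicators): hits maps (pid, signature) -> event count,
    vm_indicators is a list of (pid, registry path, marker).
    """
    hits = {}
    vm_indicators = []
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        signature = classify_event(row["Operation"], row["Path"])
        if signature is None:
            continue
        pid = int(row["PID"])
        hits[(pid, signature)] = hits.get((pid, signature), 0) + 1
        if signature == SIG_DRIVES:
            data = row["Detail"].upper()
            for marker in VM_MARKERS:
                if marker in data:
                    vm_indicators.append((pid, row["Path"], marker))
                    break
    return hits, vm_indicators


# Constructed Procmon export (not a real capture of this sample); PID 1048 mirrors
# the report's process tree, PID 1244 is an unrelated explorer.exe for contrast.
SAMPLE_LOG = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:49:01.0000101","6fba7888b5fe2adca580c376056bb8bf.exe","1048","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"12:49:01.0000205","6fba7888b5fe2adca580c376056bb8bf.exe","1048","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"12:49:01.0000310","6fba7888b5fe2adca580c376056bb8bf.exe","1048","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 26, Data: 7-Zip 19.00"
"12:49:01.0000412","6fba7888b5fe2adca580c376056bb8bf.exe","1048","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\Count","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"12:49:01.0000517","6fba7888b5fe2adca580c376056bb8bf.exe","1048","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0","SUCCESS","Type: REG_SZ, Length: 120, Data: IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1f4b9cc5&0&0.0.0"
"12:49:01.0000620","6fba7888b5fe2adca580c376056bb8bf.exe","1048","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","NAME NOT FOUND","Length: 144"
"12:49:01.0000722","6fba7888b5fe2adca580c376056bb8bf.exe","1048","CreateFile","C:\Users\Admin\AppData\Local\Temp\6fba7888b5fe2adca580c376056bb8bf.exe","SUCCESS","Desired Access: Read Data/List Directory"
"12:49:02.0000001","explorer.exe","1244","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName","SUCCESS","Type: REG_SZ, Length: 22, Data: Notepad++"
""".strip()


if __name__ == "__main__":
    hits, vm = analyze(SAMPLE_LOG)
    for (pid, sig), n in sorted(hits.items()):
        print(f"PID {pid}: {sig} ({n} events)")
    for pid, path, marker in vm:
        print(f"PID {pid}: hypervisor marker {marker!r} read from {path}")
```

Registry reads are not recorded by Sysmon (its registry events cover key create/delete, value set and rename only), so this check needs a Procmon trace or a sandbox API log rather than endpoint telemetry. The Disk\Enum read is the interesting one for triage: a benign installer enumerating Uninstall entries is common, whereas a sample that pulls the disk hardware ID and finds a VBOX or VMware string there is usually deciding whether to run at all, which is why the report links that signature to sandbox detection.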

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fba7888b5fe2adca580c376056bb8bf.exe
    "C:\Users\Admin\AppData\Local\Temp\6fba7888b5fe2adca580c376056bb8bf.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1048

Network

MITRE ATT&CK Enterprise v15
