Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 14:43

General

  • Target

    76718972a1c9983da79829d936ae4652.exe

  • Size

    585KB

  • MD5

    76718972a1c9983da79829d936ae4652

  • SHA1

    2bcea2922323b2012c40978402e9f3fb3fe9fdb2

  • SHA256

    b111ebeea6ee904a67982e7fca339c8017482b555e1819a7eddf00a88b9da4ae

  • SHA512

    acfd2f095283be9999a9325de132fef59d5982ea6a55a1ca9affa0d32070e73962077779cb489b467505f3763db28cd2ee9ba9dd6767a26cd312448c3f11af76

  • SSDEEP

    12288:8TiHFgvJN0bbqMffOzZYpfKPh9KVc1BvpWusp9UIWFaOWQ/yird:CiSvJKfOVWGK+PvpWuiWIpO

Malware Config

Signatures

  • Modifies WinLogon for persistence (2 TTPs, 1 IoC)
  • UAC bypass (3 TTPs, 1 IoC)
  • UPX packed file (4 IoCs)

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  • System policy modification (1 TTP, 1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\76718972a1c9983da79829d936ae4652.exe
    "C:\Users\Admin\AppData\Local\Temp\76718972a1c9983da79829d936ae4652.exe"
    PID: 1548
    • Modifies WinLogon for persistence
    • UAC bypass
    • System policy modification
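The three behaviour signatures raised on this process can be re-checked from a registry snapshot (exported from the sandbox or from a suspect host). The script below is an added example, not tria.ge's own detection logic or anything the sample is known to have written: the report names the signatures but not the values the sample changed, so the Winlogon defaults, the UAC policy values, the two auto-elevate hijack keys and the lock-out policy values are assumptions about what such signatures usually cover, and the snapshot it runs on is constructed. Note that "UAC bypass" in a sandbox report can mean either tampering with UAC policy or abusing an auto-elevating binary; the check covers both forms.

```python
"""Registry-based checks for the three behaviour signatures tria.ge raised on PID 1548:
'Modifies WinLogon for persistence', 'UAC bypass' and 'System policy modification'.
The keys and values below are assumptions about what such signatures usually cover
(the report does not show which values the sample wrote); run against a registry
snapshot exported from the sandbox or a suspect host."""

WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
UAC_POLICY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
USER_POLICY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Stock values on a clean Windows 7 install (assumption; confirm against your own baseline).
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "Userinit": r"C:\Windows\system32\userinit.exe,"}
# UAC policy values that disable or weaken prompting when set to 0.
UAC_WEAKENED = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}
# Auto-elevate hijack keys used by well-known bypasses; their presence under HKCU is suspicious.
UAC_HIJACK_KEYS = (
    r"HKCU\Software\Classes\mscfile\shell\open\command",      # eventvwr.exe (Windows 7 era)
    r"HKCU\Software\Classes\ms-settings\shell\open\command",  # fodhelper.exe (Windows 10+)
)
# Policy values that lock the user out of built-in tools when set to 1.
POLICY_LOCKOUT = {"DisableTaskMgr": 1, "DisableRegistryTools": 1}


def _lookup(mapping: dict, name: str):
    """Case-insensitive lookup: registry paths and value names are case-insensitive, dict keys are not."""
    want = name.lower()
    for k, v in mapping.items():
        if k.lower() == want:
            return v
    return None


def _norm(s: str) -> str:
    return s.strip().strip('"').lower()


def check_winlogon(snapshot: dict) -> list:
    key = _lookup(snapshot, WINLOGON) or {}
    findings = []
    for name, default in WINLOGON_DEFAULTS.items():
        actual = _lookup(key, name)
        if actual is not None and _norm(actual) != _norm(default):
            findings.append(("Modifies WinLogon for persistence", f"{WINLOGON}\\{name}", actual))
    return findings


def check_uac(snapshot: dict) -> list:
    key = _lookup(snapshot, UAC_POLICY) or {}
    findings = [("UAC bypass", f"{UAC_POLICY}\\{name}", _lookup(key, name))
                for name, weak in UAC_WEAKENED.items() if _lookup(key, name) == weak]
    for path in UAC_HIJACK_KEYS:
        hijack = _lookup(snapshot, path)
        if hijack is not None:
            findings.append(("UAC bypass", path, _lookup(hijack, "") or "<key present>"))
    return findings


def check_policy(snapshot: dict) -> list:
    findings = []
    for path in (USER_POLICY, UAC_POLICY):
        key = _lookup(snapshot, path) or {}
        for name, bad in POLICY_LOCKOUT.items():
            if _lookup(key, name) == bad:
                findings.append(("System policy modification", f"{path}\\{name}", bad))
    return findings


def triage(snapshot: dict) -> list:
    """All findings as (signature, location, value) tuples."""
    return check_winlogon(snapshot) + check_uac(snapshot) + check_policy(snapshot)


# Constructed post-execution snapshot for demonstration; not data taken from the report.
SAMPLE_SNAPSHOT = {
    WINLOGON: {"Shell": r"explorer.exe,C:\Users\Admin\AppData\Roaming\payload.exe",
               "Userinit": r"C:\Windows\system32\userinit.exe,"},
    UAC_POLICY: {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 2},
    UAC_HIJACK_KEYS[0]: {"": r"C:\Users\Admin\AppData\Roaming\payload.exe"},
    USER_POLICY: {"DisableTaskMgr": 1},
}

if __name__ == "__main__":
    for sig, where, value in triage(SAMPLE_SNAPSHOT):
        print(f"{sig:38} {where} = {value!r}")
```

The Winlogon check compares against a baseline rather than matching a fixed bad string, because persistence there takes the form of an extra path appended to Shell or Userinit, and the appended path is whatever the sample chose. Take the baseline from a clean image of the same Windows build before relying on these defaults.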

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1548-0-0x0000000000400000-0x0000000000634000-memory.dmp

    Filesize

    2.2MB

  • memory/1548-3-0x0000000000400000-0x0000000000634000-memory.dmp

    Filesize

    2.2MB

  • memory/1548-4-0x0000000000400000-0x0000000000634000-memory.dmp

    Filesize

    2.2MB

  • memory/1548-5-0x0000000000400000-0x0000000000634000-memory.dmp

    Filesize

    2.2MB
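Three facts on this page fit together for static triage: the hashes under General, the "UPX packed file" signature, and the four dumps of the region 0x400000-0x634000 under Downloads, which is the default PE image base and is about 2.2MB against a 585KB file, as expected when UPX unpacks the image in place. The script below is an added example, not tria.ge's code, that checks a downloaded copy against the listed hashes, parses the PE section table for the UPX section names and the empty-on-disk first section a modified UPX tends to keep, and decodes the dump names into a region size. The PE it parses in its demo is a constructed minimal image, not the sample; the dump-name format is read off this page and assumed to hold for other reports.

```python
"""Static triage for the report's sample: verify the listed hashes, look for the
UPX section layout the 'UPX packed file' signature refers to, and size the
in-memory image from the memory-dump artefact names under Downloads."""
import hashlib
import re
import struct

# Copied from the report's General section.
REPORT_HASHES = {
    "md5": "76718972a1c9983da79829d936ae4652",
    "sha1": "2bcea2922323b2012c40978402e9f3fb3fe9fdb2",
    "sha256": "b111ebeea6ee904a67982e7fca339c8017482b555e1819a7eddf00a88b9da4ae",
}
REPORT_FILE_SIZE = 585 * 1024  # "585KB" in the report; the exact byte count is not given
REPORT_DUMP = "memory/1548-0-0x0000000000400000-0x0000000000634000-memory.dmp"


def file_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def hashes_match(data: bytes, expected: dict) -> bool:
    """True only if every hash in `expected` matches; catches a wrong or tampered download."""
    actual = file_hashes(data)
    return all(actual[name] == digest.lower() for name, digest in expected.items())


def pe_sections(data: bytes) -> list:
    """Parse the COFF section table: [(name, VirtualSize, VirtualAddress, SizeOfRawData)]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, vaddr, raw))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Two heuristics: stock UPX names its sections UPX0/UPX1; a modified UPX may rename
    them but usually keeps the layout of a first section with no raw bytes on disk that
    receives the unpacked image at run time."""
    secs = pe_sections(data)
    named = any(name.startswith("UPX") for name, *_ in secs)
    layout = len(secs) >= 2 and secs[0][3] == 0 and secs[0][1] > 0
    return {"upx_section_names": named, "upx_layout": layout, "sections": [s[0] for s in secs]}


DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp")


def dump_region(artefact: str) -> dict:
    """Decode a dump name of the form memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp."""
    m = DUMP_RE.fullmatch(artefact)
    if not m:
        raise ValueError(f"unrecognised dump name: {artefact}")
    start, end = int(m[3], 16), int(m[4], 16)
    return {"pid": int(m[1]), "seq": int(m[2]), "start": start, "end": end, "size": end - start}


def expansion_ratio(artefact: str, file_size: int) -> float:
    """In-memory image size over on-disk size; well above 1 is consistent with in-place unpacking."""
    return dump_region(artefact)["size"] / file_size


def build_test_pe(section_names, first_raw_size=0) -> bytes:
    """Constructed minimal PE32 image (not the sample) to exercise the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    table = b""
    for i, name in enumerate(section_names):
        raw = first_raw_size if i == 0 else 0x1000
        table += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x20000, 0x1000 * (i + 1), raw, 0x400, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table


if __name__ == "__main__":
    print(upx_indicators(build_test_pe(["UPX0", "UPX1", ".rsrc"])))
    print(dump_region(REPORT_DUMP))
    print(round(expansion_ratio(REPORT_DUMP, REPORT_FILE_SIZE), 2))
```

Run `hashes_match(open(path, "rb").read(), REPORT_HASHES)` on a downloaded copy before doing anything else with it. The section-name check alone misses a renamed packer, which is why the layout heuristic is there; for the real decision, dump the 0x400000 region from the sandbox and compare its section table with the on-disk one.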