Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
26/12/2023, 14:43
Behavioral task
behavioral1
Sample
76718972a1c9983da79829d936ae4652.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
76718972a1c9983da79829d936ae4652.exe
Resource
win10v2004-20231222-en
General
-
Target
76718972a1c9983da79829d936ae4652.exe
-
Size
585KB
-
MD5
76718972a1c9983da79829d936ae4652
-
SHA1
2bcea2922323b2012c40978402e9f3fb3fe9fdb2
-
SHA256
b111ebeea6ee904a67982e7fca339c8017482b555e1819a7eddf00a88b9da4ae
-
SHA512
acfd2f095283be9999a9325de132fef59d5982ea6a55a1ca9affa0d32070e73962077779cb489b467505f3763db28cd2ee9ba9dd6767a26cd312448c3f11af76
-
SSDEEP
12288:8TiHFgvJN0bbqMffOzZYpfKPh9KVc1BvpWusp9UIWFaOWQ/yird:CiSvJKfOVWGK+PvpWuiWIpO
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,\"C:\\Users\\Admin\\AppData\\Local\\Pic1fPBkmq\\LOHejsSdpL.exe\" -s" 76718972a1c9983da79829d936ae4652.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" 76718972a1c9983da79829d936ae4652.exe -
resource yara_rule behavioral1/memory/1548-0-0x0000000000400000-0x0000000000634000-memory.dmp upx behavioral1/memory/1548-3-0x0000000000400000-0x0000000000634000-memory.dmp upx behavioral1/memory/1548-4-0x0000000000400000-0x0000000000634000-memory.dmp upx behavioral1/memory/1548-5-0x0000000000400000-0x0000000000634000-memory.dmp upx -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
System policy modification 1 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" 76718972a1c9983da79829d936ae4652.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1