Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 14:20
Static task: static1
Behavioral task: behavioral1
  Sample: 7529babe2d26fe59fdad435594befd91.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7529babe2d26fe59fdad435594befd91.exe
  Resource: win10v2004-20231222-en
General
Target: 7529babe2d26fe59fdad435594befd91.exe
Size: 48KB
MD5: 7529babe2d26fe59fdad435594befd91
SHA1: c1c5e1b70ba94ee4a8e7f365c80dfd8abe297250
SHA256: 4ffb4c60ef8649fdb11e0ed86fab9df6e6b34ea1e86417aca1eb9e5ae7f61464
SHA512: fab659ca1a11182434d60c2a2b4b98002312a05bae1b1bf4290b69c771cfddc23f259489ce19bbd047795918606bb2d0afaa67ffa613b2ee86669be4713e623c
SSDEEP: 768:26NEhmqg90TiUv+6wH9H7MfygXaDMFQXD7e:26amLDC6NNDsQXD7
Malware Config
Signatures
- Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
  description: Set value (int)
  ioc: \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"
  process: pjsieq.exe
- Executes dropped EXE (1 IoC)
  pid 1848, process pjsieq.exe
- Loads dropped DLL (2 IoCs)
  pid 2272, process 7529babe2d26fe59fdad435594befd91.exe (2 entries)
- Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Windows\CurrentVersion\Run\pjsieq = "C:\\Users\\Admin\\pjsieq.exe"
  process: pjsieq.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 1848, process pjsieq.exe (64 identical entries)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 2272, process 7529babe2d26fe59fdad435594befd91.exe
  pid 1848, process pjsieq.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  description: PID 2272 wrote to memory of 1848; pid 2272, process 7529babe2d26fe59fdad435594befd91.exe, procid_target 28 (first 4 entries)
  description: PID 1848 wrote to memory of 2272; pid 1848, process pjsieq.exe, procid_target 27 (all remaining entries of the 64)
Processes
1. C:\Users\Admin\AppData\Local\Temp\7529babe2d26fe59fdad435594befd91.exe (PID 2272)
   command line: "C:\Users\Admin\AppData\Local\Temp\7529babe2d26fe59fdad435594befd91.exe"
   - Loads dropped DLL
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\pjsieq.exe (PID 1848), launched under PID 2272
      command line: "C:\Users\Admin\pjsieq.exe"
      - Modifies visibility of hidden/system files in Explorer
      - Executes dropped EXE
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 48KB
  MD5: 5579cd3e2b438b5b75f05d30e0c51dc4
  SHA1: ae22fad0d9a3ce65450162259a27b42db537edaa
  SHA256: 8269aecc45083f9d7b0de0f71bd20dc44b7b40cbc91d0b1158aa7953c0c7fb22
  SHA512: e382f4d7497a4e14c9a7a0f7a1cf26877cd902e42fd86c94108e74a0f74c1a593043572a8c963e877205929921a1503ab50a07eaa4130e2d399bb105210ada16