Analysis
max time kernel: 150s
max time network: 144s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 16:43
Static task: static1
Behavioral task: behavioral1
  Sample: 7d99983f89dc32fda43d776cb33e3357.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7d99983f89dc32fda43d776cb33e3357.exe
  Resource: win10v2004-20231222-en
General
Target: 7d99983f89dc32fda43d776cb33e3357.exe
Size: 35KB
MD5: 7d99983f89dc32fda43d776cb33e3357
SHA1: 8cc20c7c9c44458ec7b2c776e57f4e25fc8dec58
SHA256: 12c42cae4fcababe097a8d3ef2aea22e7c62b8ad61a5cc9c52eff1d11a7f4ea8
SHA512: 8f9a26f2161f7d392de7639b587f6b30ed3fcd2bd3407fba612650ef2e32c7515e446dd61e64460552a6c709852474039a904cbcaa66088ffb2e37272ba80c2c
SSDEEP: 768:NqQoj/dSzNVQ1mDNJWbKEdBMQXQ3Cn4eQQWrcwxZ:MQoj/YNJcAQW5
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 2900, process jusched.exe
- Loads dropped DLL (2 IoCs)
  pid 456, process 7d99983f89dc32fda43d776cb33e3357.exe (2 identical entries)
- Drops file in Program Files directory (2 IoCs)
  File created: C:\Program Files (x86)\Java\jre-19\bin\jusched.exe, by process 7d99983f89dc32fda43d776cb33e3357.exe
  File created: C:\Program Files (x86)\Java\jre-19\bin\UF, by process 7d99983f89dc32fda43d776cb33e3357.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 2900, process jusched.exe (64 identical entries)
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 456 (7d99983f89dc32fda43d776cb33e3357.exe) wrote to memory of PID 2900, procid_target 28 (4 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\7d99983f89dc32fda43d776cb33e3357.exe (PID 456)
  Command line: "C:\Users\Admin\AppData\Local\Temp\7d99983f89dc32fda43d776cb33e3357.exe"
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Java\jre-19\bin\jusched.exe (PID 2900)
    Command line: "C:\Program Files (x86)\Java\jre-19\bin\jusched.exe"
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 13B
  MD5: f253efe302d32ab264a76e0ce65be769
  SHA1: 768685ca582abd0af2fbb57ca37752aa98c9372b
  SHA256: 49dca65f362fee401292ed7ada96f96295eab1e589c52e4e66bf4aedda715fdd
  SHA512: 1990d20b462406bbadb22ba43f1ed9d0db6b250881d4ac89ad8cf6e43ca92b2fd31c3a15be1e6e149e42fdb46e58122c15bc7869a82c9490656c80df69fa77c4
- Filesize: 35KB
  MD5: 242e90e862a79e30680cbaad6e77fdfd
  SHA1: 218ba729a47f15916553315faaaec3925333c676
  SHA256: 998c25de3ac80ee1afcdc646e69699c789c34e37b5e639ac67a9fe25eec1c110
  SHA512: 9a372b63e1592442ce3b86f64799bcfd1613c17ef34564a54c4dc8823192fb69081c64445ffdc9d8c8c226b71e26cad276a4f4fae0fd6f77c6037945ab0eddbe
- Filesize: 20KB
  MD5: 43ed12bacb54e47444ec3d5caf7cd8b7
  SHA1: 042cd94a427f91e39fa62081c0940d60ea43acd5
  SHA256: 3e6bac3eb23683bea2b395d5f9e5ada9dd97221375b913bcb1bf04e32792b2a0
  SHA512: f8bda8827078a6f0b74c3dc79d186dfdece5892bc2f4b0ae854bbd96ddca3a1ecb3f6cc1654127dc46a8d93e582b1a7e651e4d811439de1c69ae4a56ccb19350
- Filesize: 4KB
  MD5: 2a56d6f629e34150a9164b3a9a971828
  SHA1: 72ae50723a2ab0e16494ce54ee6239b4491342e6
  SHA256: 9496e3609d643f55c21d06688bdef93214d5e88304b14e46185536135aa61b55
  SHA512: af872857a0aea262f57824d8a92bfaf5bf9166ba8855465c070e1598cae08bb84b0dce0e008d5407175cf13cc486459f5c3f72f9eb13070fb11497420f8338b9