Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 141s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 26/12/2023, 15:57
Static task: static1
Behavioral task: behavioral1
  Sample: 7ac932c877a80bd981598f37ccdf1e6c.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7ac932c877a80bd981598f37ccdf1e6c.exe
  Resource: win10v2004-20231215-en
General
- Target: 7ac932c877a80bd981598f37ccdf1e6c.exe
- Size: 703KB
- MD5: 7ac932c877a80bd981598f37ccdf1e6c
- SHA1: 8204d408d56a590a2dcb629739815112dbd9a16e
- SHA256: 9c216ca074eff0fe66a134a978b883bc27b7ac3d5f29f951e90f0dac980deb61
- SHA512: 721ec8b29681b5144df78efa7ce9f1b867532543491181b0613fa278d2b9d3d88363a819d7fd32959b953217e10cbf5c887ac4d17ed7c344f8c60e3ac1f24cbc
- SSDEEP: 12288:YRycYktU4g/n/t0EW5A0ckOvJwQ5oalK+Geh4v6jIk6bQQ52LwRg08S5nt1/Pk:cxnU4gf2EW5AdHJr1kMh4vOIk6LXlH
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid: 2784  Process: NoHacker.cn.exe
- Drops file in Windows directory (2 IoCs)
  File created: C:\Windows\NoHacker.cn.exe  Process: 7ac932c877a80bd981598f37ccdf1e6c.exe
  File opened for modification: C:\Windows\NoHacker.cn.exe  Process: 7ac932c877a80bd981598f37ccdf1e6c.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: SeDebugPrivilege  pid: 2428  Process: 7ac932c877a80bd981598f37ccdf1e6c.exe
  Token: SeDebugPrivilege  pid: 2784  Process: NoHacker.cn.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid: 2784  Process: NoHacker.cn.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2784 wrote to memory of 2944  pid: 2784  Process: NoHacker.cn.exe  procid_target: 28
  PID 2784 wrote to memory of 2944  pid: 2784  Process: NoHacker.cn.exe  procid_target: 28
  PID 2784 wrote to memory of 2944  pid: 2784  Process: NoHacker.cn.exe  procid_target: 28
  PID 2784 wrote to memory of 2944  pid: 2784  Process: NoHacker.cn.exe  procid_target: 28
Processes
- C:\Users\Admin\AppData\Local\Temp\7ac932c877a80bd981598f37ccdf1e6c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7ac932c877a80bd981598f37ccdf1e6c.exe"
  PID: 2428
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  PID: 2944
- C:\Windows\NoHacker.cn.exe
  Command line: C:\Windows\NoHacker.cn.exe
  PID: 2784
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix