Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
29/12/2023, 23:46
Static task
static1
Behavioral task
behavioral1
Sample
076e512e4f7af83d38e3d86e0507c3e1.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
076e512e4f7af83d38e3d86e0507c3e1.exe
Resource
win10v2004-20231215-en
General
-
Target
076e512e4f7af83d38e3d86e0507c3e1.exe
-
Size
179KB
-
MD5
076e512e4f7af83d38e3d86e0507c3e1
-
SHA1
50f5933e19741d5cdee8c0f358563d10b21e91aa
-
SHA256
c0a1a342e241ca683de443b5412b6738ec66e6c42ca2ebdd955802bfbacd9b4d
-
SHA512
1766a44184bec7713a0fb0fd140cfbcc97e923c1726703592cbf7d279e4c1bf686637613b63fcf7c721ac29e878561e6fcaa92f8723c74bfacb1b40338b5711b
-
SSDEEP
3072:MwfTJK5uIPdzIx8QyEGxLrmq0LvN3Jp+WPUkKbkrRCV3a5R4x7woeIes2:hTJpiBqfyh70L1FHZ5uxsoMs2
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process 2388 tasklist32.exe 2792 tasklist32.exe -
Loads dropped DLL 4 IoCs
pid Process 1712 076e512e4f7af83d38e3d86e0507c3e1.exe 1712 076e512e4f7af83d38e3d86e0507c3e1.exe 2388 tasklist32.exe 2388 tasklist32.exe -
Drops file in System32 directory 2 IoCs
description ioc Process File created \??\c:\windows\SysWOW64\tasklist32.exe 076e512e4f7af83d38e3d86e0507c3e1.exe File opened for modification \??\c:\windows\SysWOW64\tasklist32.exe 076e512e4f7af83d38e3d86e0507c3e1.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1712 076e512e4f7af83d38e3d86e0507c3e1.exe 2388 tasklist32.exe 2792 tasklist32.exe -
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target PID 1712 wrote to memory of 2388 1712 076e512e4f7af83d38e3d86e0507c3e1.exe 28 PID 1712 wrote to memory of 2388 1712 076e512e4f7af83d38e3d86e0507c3e1.exe 28 PID 1712 wrote to memory of 2388 1712 076e512e4f7af83d38e3d86e0507c3e1.exe 28 PID 1712 wrote to memory of 2388 1712 076e512e4f7af83d38e3d86e0507c3e1.exe 28 PID 2388 wrote to memory of 2792 2388 tasklist32.exe 29 PID 2388 wrote to memory of 2792 2388 tasklist32.exe 29 PID 2388 wrote to memory of 2792 2388 tasklist32.exe 29 PID 2388 wrote to memory of 2792 2388 tasklist32.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\076e512e4f7af83d38e3d86e0507c3e1.exe"C:\Users\Admin\AppData\Local\Temp\076e512e4f7af83d38e3d86e0507c3e1.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712 -
\??\c:\windows\SysWOW64\tasklist32.exec:\windows\system32\tasklist32.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\windows\SysWOW64\tasklist32.exec:\windows\system32\tasklist32.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD5530299b4869576975390e08394f2a2d4
SHA1afba5916e3af04449c32403f679fce5cbec4bdff
SHA25686c55d0800ff52a911620f01773896dec84ee42cc443642d5ff4a70a61d8f3b4
SHA5129b2a64c97c3178222607f50e153a438466f9e379a1a0542f69ad860d1673933eb8f843ba085e29382635abffd533f28d1b57b5e7b7f44a94d495de6afa751988
-
Filesize
99KB
MD52e34d658f71808e8170d0927aaf4733e
SHA1d6b0654dd3412513491f86314f2da10b29a2451d
SHA256fb04211af59837d405569ec07b44c5f30ceb15db84e089aeeb99e54ff1075258
SHA512d6a3f62307495c2e4d1295b7f8d1edf150a43d52d0915df5412148f3bca87702235790afd83a0c1155d9d65160ceb66b13b1fd61b7ccb0e48e8e3a0df627c2e5