Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

076e512e4f...e1.exe

windows7-x64

7

076e512e4f...e1.exe

windows10-2004-x64

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    076e512e4f7af83d38e3d86e0507c3e1.exe

  • Size

    179KB

  • MD5

    076e512e4f7af83d38e3d86e0507c3e1

  • SHA1

    50f5933e19741d5cdee8c0f358563d10b21e91aa

  • SHA256

    c0a1a342e241ca683de443b5412b6738ec66e6c42ca2ebdd955802bfbacd9b4d

  • SHA512

    1766a44184bec7713a0fb0fd140cfbcc97e923c1726703592cbf7d279e4c1bf686637613b63fcf7c721ac29e878561e6fcaa92f8723c74bfacb1b40338b5711b

  • SSDEEP

    3072:MwfTJK5uIPdzIx8QyEGxLrmq0LvN3Jp+WPUkKbkrRCV3a5R4x7woeIes2:hTJpiBqfyh70L1FHZ5uxsoMs2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\076e512e4f7af83d38e3d86e0507c3e1.exe
    "C:\Users\Admin\AppData\Local\Temp\076e512e4f7af83d38e3d86e0507c3e1.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1712
    • \??\c:\windows\SysWOW64\tasklist32.exe
      c:\windows\system32\tasklist32.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2388
      • \??\c:\windows\SysWOW64\tasklist32.exe
        c:\windows\system32\tasklist32.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\tasklist32.exe
    Filesize

    92KB

    MD5

    530299b4869576975390e08394f2a2d4

    SHA1

    afba5916e3af04449c32403f679fce5cbec4bdff

    SHA256

    86c55d0800ff52a911620f01773896dec84ee42cc443642d5ff4a70a61d8f3b4

    SHA512

    9b2a64c97c3178222607f50e153a438466f9e379a1a0542f69ad860d1673933eb8f843ba085e29382635abffd533f28d1b57b5e7b7f44a94d495de6afa751988

    Download Submit

  • \Windows\SysWOW64\tasklist32.exe
    Filesize

    99KB

    MD5

    2e34d658f71808e8170d0927aaf4733e

    SHA1

    d6b0654dd3412513491f86314f2da10b29a2451d

    SHA256

    fb04211af59837d405569ec07b44c5f30ceb15db84e089aeeb99e54ff1075258

    SHA512

    d6a3f62307495c2e4d1295b7f8d1edf150a43d52d0915df5412148f3bca87702235790afd83a0c1155d9d65160ceb66b13b1fd61b7ccb0e48e8e3a0df627c2e5

    Download Submit