Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
30/12/2023, 23:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1fc8e8956e33ea65b35d74d113bc8ccf.exe
Resource
win7-20231129-en
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
1fc8e8956e33ea65b35d74d113bc8ccf.exe
Resource
win10v2004-20231222-en
0 signatures
150 seconds
General
-
Target
1fc8e8956e33ea65b35d74d113bc8ccf.exe
-
Size
348KB
-
MD5
1fc8e8956e33ea65b35d74d113bc8ccf
-
SHA1
5cbff7cc1330e17cd4032af2bd3a18a613d667f7
-
SHA256
c3b22c94069ddc15e1d21384deaf7bd45684576206bac097cfe9b4222b5433a2
-
SHA512
582b7ba6caa22943f695234b0fe376b9b819e558a818c0f3cf16a7ee6950d5a15a77650f9bcc14bcc223587eeaaa71db4a9c2fe65581ecf81707bfc847f140be
-
SSDEEP
6144:TNHLmah7MZ4EBb5S+d4vXED8fl5hnl+BT3ufSRzRFHvijeNU2/:Tl7a4Z88frhnc+qRzRFHqjeNUi
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\newname = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1fc8e8956e33ea65b35d74d113bc8ccf.exe" 1fc8e8956e33ea65b35d74d113bc8ccf.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created \??\c:\windows\newname.dat 1fc8e8956e33ea65b35d74d113bc8ccf.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main 1fc8e8956e33ea65b35d74d113bc8ccf.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2368 1fc8e8956e33ea65b35d74d113bc8ccf.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2368 1fc8e8956e33ea65b35d74d113bc8ccf.exe 2368 1fc8e8956e33ea65b35d74d113bc8ccf.exe 2368 1fc8e8956e33ea65b35d74d113bc8ccf.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\1fc8e8956e33ea65b35d74d113bc8ccf.exe"C:\Users\Admin\AppData\Local\Temp\1fc8e8956e33ea65b35d74d113bc8ccf.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2368