Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 118s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 02:13
Static task
- static1
Behavioral task
- behavioral1
  Sample: 0b469f17734cca213f4d0500ded15e41.exe
  Resource: win7-20231215-en
Behavioral task
- behavioral2
  Sample: 0b469f17734cca213f4d0500ded15e41.exe
  Resource: win10v2004-20231215-en
General
- Target: 0b469f17734cca213f4d0500ded15e41.exe
- Size: 211KB
- MD5: 0b469f17734cca213f4d0500ded15e41
- SHA1: 5dd80170764c3d88bd25bf1dbdbf69fe8cbc3faf
- SHA256: c70900329c557c0fb8f6a8ec2d6987d29a73dd0bc12cb43eee51c54a946c03e4
- SHA512: 1ae91d80902ac01938afaa0ccdcda45777254368d6eaa981e6dc88462ce1c868b5c2229a4e2a605e5252679360eedff6ee2db53492f632085976f7f034322888
- SSDEEP: 3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/e8EpjBFy11AwH:o68i3odBiTl2+TCU/chuhuIp9
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoC)
  description      ioc                                                                                                                                                   Process
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft I Service = "C:\\Windows\\winhash_up.exe /REGstart"  0b469f17734cca213f4d0500ded15e41.exe
- Drops file in Windows directory (13 IoCs)
  description                   ioc                                    Process
  File created                  C:\Windows\SHARE_TEMP\Icon7.ico        0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\winhash_up.exe              0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\SHARE_TEMP\Icon2.ico        0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\SHARE_TEMP\Icon3.ico        0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\SHARE_TEMP\Icon5.ico        0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\SHARE_TEMP\Icon13.ico       0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\SHARE_TEMP\Icon14.ico       0b469f17734cca213f4d0500ded15e41.exe
  File opened for modification  C:\Windows\winhash_up.exez             0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\SHARE_TEMP\Icon10.ico       0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\SHARE_TEMP\Icon12.ico       0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\bugMAKER.bat                0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\winhash_up.exez             0b469f17734cca213f4d0500ded15e41.exe
  File created                  C:\Windows\SHARE_TEMP\Icon6.ico        0b469f17734cca213f4d0500ded15e41.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 2212 wrote to memory of 2824   2212  0b469f17734cca213f4d0500ded15e41.exe  28
  PID 2212 wrote to memory of 2824   2212  0b469f17734cca213f4d0500ded15e41.exe  28
  PID 2212 wrote to memory of 2824   2212  0b469f17734cca213f4d0500ded15e41.exe  28
  PID 2212 wrote to memory of 2824   2212  0b469f17734cca213f4d0500ded15e41.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\0b469f17734cca213f4d0500ded15e41.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0b469f17734cca213f4d0500ded15e41.exe"
  PID: 2212
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: cmd /c C:\Windows\bugMAKER.bat
    PID: 2824
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 76B
  MD5: 6f53dd0d78038203f6d7153c0a56a7b6
  SHA1: de5f5911b9b2bc3ad8fddbb815dee4c7ef6179dd
  SHA256: 26fb7087e6e2a989889ad2c2940b238052db0f31bca0872fa04dd6a4cf9e11c8
  SHA512: cd2c745cfe2d92f846c1a807cafab8f02cc5b87ccf72b2a2c1ab8c80b789b18c13f61b4065e67b6d4635aeec254d35cbcf91e085224ae0c6f5d43accaba7070b