Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
146s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
30/12/2023, 04:13
General
-
Target
0e10a03bd2687c8f38e91c4d47d24d6c.exe
-
Size
430KB
-
MD5
0e10a03bd2687c8f38e91c4d47d24d6c
-
SHA1
aae601d242f4a05ba266493802a8be45bb26a09b
-
SHA256
47107a8eec31993d29c3dae15f72432d3b56df1720a2b00fa143b2ee423422dd
-
SHA512
1f3997b8c9244ae33f66d662456dd872a4de09efedb5120fc21aa9b6c30d96919a9daa0af2b445e1e81ce10b13445039b59a97f2ce58f1085975336a23f2bba6
-
SSDEEP
12288:ibee0PGl89WazvzkmMxM+ltxQMAn0Iv1b70ZSf2M:2edGBazvZMHltxtIv1bUS+M
Score
7/10
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0e10a03bd2687c8f38e91c4d47d24d6c.exe"C:\Users\Admin\AppData\Local\Temp\0e10a03bd2687c8f38e91c4d47d24d6c.exe"1⤵
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\VBS1.vbs"2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
-
Filesize
64KB
-
Filesize
1.5MB
-
Filesize
64KB