Analysis
max time kernel: 142s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 03:34
Behavioral task: behavioral1
Sample: mingxiaozi/Domain.exe
Resource: win7-20231215-en
5 signatures, 150 seconds
General
Target: mingxiaozi/Domain.exe
Size: 2.5MB
MD5: 81f0fb11bd80498a62818f74c86ba118
SHA1: df02e26206e40b662940d19b1e44af92d70c823f
SHA256: b9a656ceca29c9b7460f890571d4dce3852d37bdc2d9303364ccb7f2762c59a6
SHA512: 11f5bc9cab461ecddf6ca6c40a2971d0c46da045c207ac05a9ec34f607d5dede4b39318d63c4cfaafb13f65b9fb9380272556475a83578ed794b7e77641ff2f9
SSDEEP: 49152:ksU8lg7GGuaKtyTw5uZmKm8VonOISYOlFKM8rj13PDz2:XUX7HsYTtZmUon3S/qH1fDz2
Malware Config
Signatures
Identifies Wine through registry keys (2 TTPs, 1 IoC)
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
description: Key opened
ioc: \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Wine
Process: Domain.exe

YARA rule matches (themida), resource: yara_rule
behavioral1/memory/2652-0-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-3-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-366-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-367-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-369-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-371-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-372-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-373-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-387-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-388-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-390-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-391-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-392-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-393-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-394-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-395-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-396-0x0000000000400000-0x0000000000952000-memory.dmp themida
behavioral1/memory/2652-397-0x0000000000400000-0x0000000000952000-memory.dmp themida

description: Key created
ioc: \REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main
Process: Domain.exe
Suspicious behavior: EnumeratesProcesses (1 IoC)
pid: 2652, Process: Domain.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 2652, Process: Domain.exe
pid: 2652, Process: Domain.exe
pid: 2652, Process: Domain.exe