Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
01/01/2024, 08:14
General
-
Target
3c58a768806b7cf7102828a36a931788.exe
-
Size
89KB
-
MD5
3c58a768806b7cf7102828a36a931788
-
SHA1
4ed8363c4265f163f9bd038d76105662bd9bbf96
-
SHA256
8f75ba411a122ff607c30e29db68a561f49174920182a6862b709c20e55be4c8
-
SHA512
cae00b6f51ebf2f1cf9b8d55f53d00a230891647843b6376b93161169e27140b1d83953eebd010505374f2c69f0f54737d2df364d129b1a3b4465d2c9f62e56d
-
SSDEEP
1536:5f69FF9pvyv5H3Yq7ODyYE++llwwMs2M5J:5iPF9pvyRXxN+s2M5J
Score
8/10
Malware Config
Signatures
-
Adds policy Run key to start application 2 TTPs 4 IoCs
-
Drops file in Drivers directory 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Modifies data under HKEY_USERS 10 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c58a768806b7cf7102828a36a931788.exe"C:\Users\Admin\AppData\Local\Temp\3c58a768806b7cf7102828a36a931788.exe"1⤵
- Adds policy Run key to start application
- Drops file in Drivers directory
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\MICROS~1\logman.exeC:\Users\Admin\AppData\Roaming\MICROS~1\logman.exe /waitservice2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
89KB
MD53c58a768806b7cf7102828a36a931788
SHA14ed8363c4265f163f9bd038d76105662bd9bbf96
SHA2568f75ba411a122ff607c30e29db68a561f49174920182a6862b709c20e55be4c8
SHA512cae00b6f51ebf2f1cf9b8d55f53d00a230891647843b6376b93161169e27140b1d83953eebd010505374f2c69f0f54737d2df364d129b1a3b4465d2c9f62e56d