Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
06/01/2024, 12:47
General
-
Target
464411f0c7db8b5f8eec494db82f3d4f.exe
-
Size
1000KB
-
MD5
464411f0c7db8b5f8eec494db82f3d4f
-
SHA1
6ec326eb141c267b28ea263d619c0f58e509e16a
-
SHA256
be8ffc0c91b5e447946d1892d0119251f0b514dbd490045d402dc9e1e2fed2a0
-
SHA512
bce62c9c3b4c4959bec88e18f7b46d10847d1e073cdfa74d11a2fa6c07fa5180f5d49103f1f1f8787f83e06348270fca153fcd7c59cb80be3235fbb5f5f48bb1
-
SSDEEP
12288:sxcDxsHNiBnHTvB0EOvrehS1VECaBwQ2tb5JLrnylUPqt0gHDS7eyod:DmHynHjB0EmrehS81B+5vMiqt0gj2ed
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\464411f0c7db8b5f8eec494db82f3d4f.exe"C:\Users\Admin\AppData\Local\Temp\464411f0c7db8b5f8eec494db82f3d4f.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\464411f0c7db8b5f8eec494db82f3d4f.exeC:\Users\Admin\AppData\Local\Temp\464411f0c7db8b5f8eec494db82f3d4f.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\464411f0c7db8b5f8eec494db82f3d4f.exe" /TN Google_Trk_Updater /F3⤵
- Creates scheduled task(s)
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
96KB
MD50ed0c4ba03aca46538a9248f2c6e8239
SHA1b873a0f14394500fd1dd993d351cad317ba3947e
SHA2565f1a252a79b221c4453aeb6f78a44b88fcaa87926ecfc7a6e4ca892cdacda661
SHA5127ecdc70947aea1d889294760895f9ee98783313b95ab528bdfaeaa7e27b186fa13d7611b5e2bc19de95c3d5d388c9abedbcb1fb956779e4474b153b95c58c97f
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
1000KB
MD55518431a989da496d674d91368d37218
SHA1a5c61d31c47787d130e125711d58ee3a11f8137f
SHA25656a787feb4a415d2bd609ca3f7df88db7267ff513f9ba99bb4206371a5d9b222
SHA51267abd8d321f58af0be2c3467285b4821e11e2aaa68c3e87470598bfeb28c3cda505ba011d5fe267829836e9c0a548b0a6b251dbb893de31ccea9e71745e16fad
-
Filesize
524KB
-
Filesize
504KB
-
Filesize
504KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
524KB
-
Filesize
364KB
-
Filesize
504KB
-
Filesize
364KB