Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
10/01/2024, 02:49
General
-
Target
4f610402f45582e3e2d315440f6bf2e5.exe
-
Size
315KB
-
MD5
4f610402f45582e3e2d315440f6bf2e5
-
SHA1
73c9fd47418d94ba2b51fb13eec0b54c752ec45b
-
SHA256
8ec7bb121601ac099007f2d483ea8db4634c5258af777bc398875ac7c3aa6b7c
-
SHA512
0a5d0fe36bdcfcb5e0269441dbd2d98ed940f6193dee1bab78b8adc94210c76fceda14ecb2757f31faac0fc5207c11ee5a7fbebc5fdfa0c88b5a72eab81aaa3b
-
SSDEEP
6144:j/m6Mh9mPuSST7yiza7inj1VwPq3BnZGrM60IcEemaF0utMa:S69uaomqRZG90IAQa
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Kills process with taskkill 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4f610402f45582e3e2d315440f6bf2e5.exe"C:\Users\Admin\AppData\Local\Temp\4f610402f45582e3e2d315440f6bf2e5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /f /pid 1680 & ping -n 3 127.1 & del /f /q "C:\Users\Admin\AppData\Local\Temp\4f610402f45582e3e2d315440f6bf2e5.exe" & start C:\Users\Admin\AppData\Local\eqejbnoc.exe -f2⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 3 127.13⤵
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Local\eqejbnoc.exeC:\Users\Admin\AppData\Local\eqejbnoc.exe -f3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /pid 16801⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
243KB
MD5444ac91b0423022179f5ed85f0f1dab9
SHA1e2236a3a6bd452e88533879815cd5d7f81886f62
SHA256701995aff5b01ac0a1f5484490ca2a16d8968899071382a947bef36a91c6bedd
SHA5120bc7d8c230a0371800eac3bb7fb62f513a08e2b17affb19a24e424e6337816ce844aaa5db3dba05b1ed0149b54a984b61d1f022a665bba206d2725a694d23218
-
Filesize
211KB
MD559bdafe3bfad8fd4bbb5b1b46477b9b2
SHA1ff227e2314c757ea289f747ab1778895172b0f4e
SHA256d0f121211dfd5f6c78ab651db0b1f6732a522654f32b2b3c3a55c3e068cd792b
SHA5122dd5741b56fe04b1a127e17ec07becb38331e55eca131b639a081ca80f94e23c86f90bb582e3becb49cf65200e292cd415aa1d11228d6fcddc53eb754f581afa
-
Filesize
136KB
MD5721e57bdeee44ccbe5f250f083f66384
SHA11c069d1218095400fd3baf8acaeecc0ebcaa0914
SHA2569e2b26a86e6e35c36d92c455865f5986b9a855f8066ebc54c930f49a1cd17483
SHA5129d9363ccc92a84ad47da3363754884811fc664237eccbb4803a66dc06167c85f62f0b0eab624a4c28d1f5e7ee547f9ac9aad7906cb5ed09dc5085d1792e5af7f
-
Filesize
294KB
MD50bf4406dcc555fd6538896c282ab7cb6
SHA19f3f9da7a1a9be48b5cbc12fb3dedf217603a0d1
SHA256bf09d9165e1a82b2cc4fbf093a96411db13ae1488ad4d584e85ea40b89fbeeb7
SHA51202034564b93babf7eec0573df161f43553562c843afbb9f0fd0ed9049d608a979081e998f7dfbe20eda57e3c4bd0f928a7cef4370435957345de868d2dbe0def
-
Filesize
130KB
MD52f6e9b42678eafc5df164fe33cc3ba27
SHA1374e3f324acebd3dd6461f2523bfd4b158571904
SHA2561ef073beeb544bff0fc14ddd467e986c595ea812dda08cd745e17598ab0a1b67
SHA5125daa194122c264b1f42fbf43ded12c67d4054539514fc1eb638841fa91ec5c73f70f9985ba27cc2f124ee25ad9f0494e4dc4e7968301634ef4dc9371ec1b6c9b
-
Filesize
664KB
-
Filesize
8KB
-
Filesize
664KB
-
Filesize
4KB
-
Filesize
664KB
-
Filesize
8KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
664KB