Analysis
max time kernel: 140s
max time network: 120s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 14/01/2024, 18:54
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 5b9a230c646f7fe9eb829170aa60b1be.exe
Resource: win7-20231215-en
4 signatures
150 seconds

Behavioral task: behavioral2
Sample: 5b9a230c646f7fe9eb829170aa60b1be.exe
Resource: win10v2004-20231215-en
4 signatures
150 seconds
General
Target: 5b9a230c646f7fe9eb829170aa60b1be.exe
Size: 14KB
MD5: 5b9a230c646f7fe9eb829170aa60b1be
SHA1: 7efd8df58888b822af6a807694646333bafe3ba9
SHA256: 1af1327bb31f2a65f778c4ed1ee66a1ca36f5a5d10d4d68814bc6dec87837d84
SHA512: 930c2d18ad4bc5a6e8479e1417bf43a778ad2e93c814eeca65bbfc6423a036cda567c7c5047bfffb86648afb2edd88dfaadead494dce0a3cb6597bcc6cef044a
SSDEEP: 384:nt9RdeAsF1YgntJj8/TzSJfNCHc8Gw0nitaYzeR9sNehO:t9iXFnSLINSGwYfT
Score: 10/10
Malware Config

Signatures

Modifies WinLogon for persistence (2 TTPs, 1 IoCs)
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\\\WINNT\\\\system32\\\\userinit.exe,C:\\Windows\\System32\\acrldrer.exe"
Process: 5b9a230c646f7fe9eb829170aa60b1be.exe

Adds Run key to start application (2 TTPs, 1 IoCs)
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\acrldrer = "C:\\Windows\\System32\\acrldrer.exe"
Process: 5b9a230c646f7fe9eb829170aa60b1be.exe

[signature name not captured in the extracted page] (3 IoCs)
description: Key created
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{B83FC273-3522-4CC6-92EC-75CC86678DA4}
Process: 5b9a230c646f7fe9eb829170aa60b1be.exe
description: Set value (int)
ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{B83FC273-3522-4CC6-92EC-75CC86678DA4}\Compatibility Flags = "1024"
Process: 5b9a230c646f7fe9eb829170aa60b1be.exe
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main
Process: 5b9a230c646f7fe9eb829170aa60b1be.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 1684  Process: 5b9a230c646f7fe9eb829170aa60b1be.exe
pid: 1684  Process: 5b9a230c646f7fe9eb829170aa60b1be.exe
pid: 1684  Process: 5b9a230c646f7fe9eb829170aa60b1be.exe