Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19/01/2024, 12:07
General
-
Target
6795aa864dd5cb1729e7184bbda7a10f.exe
-
Size
9KB
-
MD5
6795aa864dd5cb1729e7184bbda7a10f
-
SHA1
eae6a1eb1a6b780f2f3e66a349fdadfece4d2d53
-
SHA256
5de6209b08cbda135575f64320a612939a6fc450b08217353aa6b54237a4b6a6
-
SHA512
7a6409877f318d7d0084fc2a62c1b3442845886617263a103773266bae7960a586a1c86e10fa70adfeda84de315011a16684c20db20fd2728841232e77ace711
-
SSDEEP
96:1GRWl1y+3l0moQr4SfLpINzu6oc3uSiyBvPRhhCy5QltYb0uXHx+MMTyboyD1c:f1132mDLfFINoVyBvjpn7XR+xTMoyDW
Score
10/10
Malware Config
Signatures
-
Modifies firewall policy service 2 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 3 IoCs
-
Windows security modification 2 TTPs 3 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs 3 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs
-
Modifies Internet Explorer settings 1 TTPs 5 IoCs
-
Modifies Internet Explorer start page 1 TTPs 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6795aa864dd5cb1729e7184bbda7a10f.exe"C:\Users\Admin\AppData\Local\Temp\6795aa864dd5cb1729e7184bbda7a10f.exe"1⤵
- Modifies firewall policy service
- Windows security bypass
- Windows security modification
- Installs/modifies Browser Helper Object
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
20KB