Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/01/2024, 17:35

General

  • Target

    6fe61c04c885bafd5b1db3d8baff76a0.exe

  • Size

    181KB

  • MD5

    6fe61c04c885bafd5b1db3d8baff76a0

  • SHA1

    7bf9624081db706b75e56f1fa35155b7277b25f7

  • SHA256

    67005569927952ef66ba77bd1a50dfc6f55677d37e2cd22f56a0de84c2e89105

  • SHA512

    b0c7193a16e6716d911465f7a0dd76ded07522c95b2b9a35b22e27ca0248f9a7cdecf7136c00647e45b7133320868e6c93556dae8438bcc4722ba4b9e98cbdd6

  • SSDEEP

    3072:5jEmLFtjR7iWj9XrTBsoe7De/sqe8ThcUE0LQPWE8Hanargoee:ZEmLHRmWj96oe7ykScU/LQP0HaJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 7 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fe61c04c885bafd5b1db3d8baff76a0.exe
    "C:\Users\Admin\AppData\Local\Temp\6fe61c04c885bafd5b1db3d8baff76a0.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Windows\svchost.exe
      "C:\Windows\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of SetWindowsHookEx
      PID:2492

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\winlogon.dll

    Filesize

    44KB

    MD5

    cafd413c4b287e0b697dc8ee2f9e864c

    SHA1

    8c64e2792a3e0b25a6a31ee6ed72ca59a51ab3bc

    SHA256

    d8d8758ae1c43a8cf029093747c92b1984eb24f1fb3935cf2e35ddf645c49986

    SHA512

    2ece1f67af3bc3b5fc943c13934fc2679021a8c6c744a83ee3c7c08125d90568404940b488726036d8e3e47647fc94920e01c141a2c6d2ea0c18129946141315

  • C:\Windows\svchost.exe

    Filesize

    181KB

    MD5

    6fe61c04c885bafd5b1db3d8baff76a0

    SHA1

    7bf9624081db706b75e56f1fa35155b7277b25f7

    SHA256

    67005569927952ef66ba77bd1a50dfc6f55677d37e2cd22f56a0de84c2e89105

    SHA512

    b0c7193a16e6716d911465f7a0dd76ded07522c95b2b9a35b22e27ca0248f9a7cdecf7136c00647e45b7133320868e6c93556dae8438bcc4722ba4b9e98cbdd6