Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 24/01/2024, 02:43
Static task: static1
Behavioral task: behavioral1
  Sample: 774d2de5a283b80065f2907c16a3ec02.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 774d2de5a283b80065f2907c16a3ec02.exe
  Resource: win10v2004-20231222-en
General
Target: 774d2de5a283b80065f2907c16a3ec02.exe
Size: 604KB
MD5: 774d2de5a283b80065f2907c16a3ec02
SHA1: 8b65ee77f337f0967774f12729d2630c7031b564
SHA256: c79a698dbdd0e68ccaf999f3cf8cc3514e05ce5010619722ac6fe12741e8e869
SHA512: d9818e426e455b0150251eadfc97d0fb1a462a6d01c3718616bdab47702e5a347b440c210f0d3d7183abb573a8855354f3893bb9006bcb924ea4392c44d8aaba
SSDEEP: 6144:Q+M2cnUTJ1Zwv80utvvq81vggUNqulq+p/VQUQfuT3QnxzBlw91wZOiRPPN8xrzG:Q+M2cnwZV0utvvqpqulq+TZyzjPVUFKD
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid   Process
  2272  RT240124.exe
Loads dropped DLL (4 IoCs)
  pid   Process
  2432  774d2de5a283b80065f2907c16a3ec02.exe
  2432  774d2de5a283b80065f2907c16a3ec02.exe
  2432  774d2de5a283b80065f2907c16a3ec02.exe
  2432  774d2de5a283b80065f2907c16a3ec02.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   Process
  2432  774d2de5a283b80065f2907c16a3ec02.exe
  2272  RT240124.exe
  2272  RT240124.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid   Process                               procid_target
  PID 2432 wrote to memory of 2272     2432  774d2de5a283b80065f2907c16a3ec02.exe  28
  PID 2432 wrote to memory of 2272     2432  774d2de5a283b80065f2907c16a3ec02.exe  28
  PID 2432 wrote to memory of 2272     2432  774d2de5a283b80065f2907c16a3ec02.exe  28
  PID 2432 wrote to memory of 2272     2432  774d2de5a283b80065f2907c16a3ec02.exe  28
Processes
Process (tree depth 1), PID: 2432
  Image: C:\Users\Admin\AppData\Local\Temp\774d2de5a283b80065f2907c16a3ec02.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\774d2de5a283b80065f2907c16a3ec02.exe"
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Process (tree depth 2), PID: 2272
    Image: C:\Users\Admin\AppData\Local\Temp\RT240124.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\RT240124.exe" /Restore "C:\Users\Admin\AppData\Local\Temp\774d2de5a283b80065f2907c16a3ec02"
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 604KB
MD5: 774d2de5a283b80065f2907c16a3ec02
SHA1: 8b65ee77f337f0967774f12729d2630c7031b564
SHA256: c79a698dbdd0e68ccaf999f3cf8cc3514e05ce5010619722ac6fe12741e8e869
SHA512: d9818e426e455b0150251eadfc97d0fb1a462a6d01c3718616bdab47702e5a347b440c210f0d3d7183abb573a8855354f3893bb9006bcb924ea4392c44d8aaba