Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/01/2024, 10:53
General
-
Target
7481cceec63a7fc36bf29743c73fc3dc.exe
-
Size
191KB
-
MD5
7481cceec63a7fc36bf29743c73fc3dc
-
SHA1
bee5f73b225e84f1cafd8472ef76be272ceb38b0
-
SHA256
af9f8f329e93f6086b6b889569d59dcc7491c99d90018f14ab672d9a8f53ca20
-
SHA512
9872edd5c0bfbaacb85513e69871ca4efc42b14ffc026c3764e602e2c50217fdb441c38648b22344f26e041f1d28cae7e2e7dd1e7ddb998d25a9267c646d6aa6
-
SSDEEP
3072:r5sSIMHJY1a0crx/S7weJNKjgics+Ufi4N9LAWLgX4W3VsmL1cRur6jVJ9T/RNoS:r5NfpY2SJ3ugiCUYWLm4W3VsAcRuWjrj
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 31 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 53 IoCs
Processes
-
C:\Windows\system32\taskhost.exe"taskhost.exe"1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\7481cceec63a7fc36bf29743c73fc3dc.exe"C:\Users\Admin\AppData\Local\Temp\7481cceec63a7fc36bf29743c73fc3dc.exe"2⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Ihohe\yhewy.exe"C:\Users\Admin\AppData\Roaming\Ihohe\yhewy.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp5eabc4e2.bat"3⤵
- Deletes itself
-
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"1⤵
-
C:\Program Files\Windows Mail\WinMail.exe"C:\Program Files\Windows Mail\WinMail.exe" -Embedding1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.0MB
MD5a1b6c3695845f0291580c6159a8a99a1
SHA138d2707016573e4a016712a386c9d1984f955834
SHA256bce50ad0b1db394d9dea821b2bec48a9d04f1cd42e82befb018a8cfd10863ba1
SHA5128ca44c196358008fbf6b3fa532b168b6312fae6bebcb72f7b1143272849fb036890e9c1e5c51eebcbd89224944ea423f619f6231e6c26912250b4789a846ce3e
-
Filesize
243B
MD5b3eee965461bf5b7c8d7fd6b3ea820b2
SHA1c25667404c753c5d09c845bd24e01d26a50ee127
SHA2569fefb7bf096922f5c9d78e8272cb6ab0552949da83cc23beade959517416f9e0
SHA5126bf128c7daf5f90be078f0a3b655f7466756723fb9eba92f086a9a8a7752244a6963e112189b9828f468da019c23169fee349d08ecc02ce0760eea70c7733d3b
-
Filesize
366B
MD51590ce9e2cc236c22f1575d91466b8b8
SHA182a6532e436cc5ed363a64437808033120f2f777
SHA2567feb23e37c57a30bbaf515ebad823a0a35d2259b3906e0f89a78ad4550924ba1
SHA5129c1c5f8180017f2ea14876f4eff07f276df60353d9dbe4bbc1b3f886a2b52da50c86c478b30375232ec8e5ab6260fcf8770dc84422b41a407d356472603fecd0
-
Filesize
191KB
MD5ce88e8e7a7910759f0da848db5a303ea
SHA1476a43256b9a3009b2de1ec64201eecdaf12f77e
SHA2560b70d7440118e6e90a92568177289968906d2dc36ba7704ca9afdca489993b37
SHA51205506a57869232929f09df6cb10d418818fcf9a131a33f89848e7b18f57ee213bc4f2a788be6fad6e402661ffdedc84e1ff31ad6cd2ad284abcb8e13a6760a1e
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
332KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
332KB
-
Filesize
156KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
156KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
332KB
-
Filesize
332KB
-
Filesize
84KB
-
Filesize
332KB
-
Filesize
156KB
-
Filesize
332KB
-
Filesize
4KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
332KB
-
Filesize
332KB