Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/01/2024, 05:47
Static task: static1
Behavioral task: behavioral1
  Sample: 768d7dbade7217d281f2ab1986ad6a3c.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 768d7dbade7217d281f2ab1986ad6a3c.exe
  Resource: win10v2004-20231215-en
General
Target: 768d7dbade7217d281f2ab1986ad6a3c.exe
Size: 182KB
MD5: 768d7dbade7217d281f2ab1986ad6a3c
SHA1: 3c54030c0b829decc75309fff89ff6252ac664b2
SHA256: 8d899cd0e250dadaaac282d37eef6f475d6fc9d3e8c73fd6a827de7abea09b60
SHA512: ae6639924e1f1b74e16440050872b7fb16da47389e6556b9fa86df02437b7b5ebbf17172fdeee2066f606fc3befa10ec62e3addc2296a279873d301e37e4e7be
SSDEEP: 3072:/cT9g8immW6Pozkk2eKs/CSr2nQ/E2S5ny+bF2u1I+ddDK7Hlq/B8+m8X:o68i3odBiTl2+TCU/M8X
Malware Config
Signatures
-
Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft I Service = "C:\\Windows\\winhash_up.exe /REGstart"
  process: 768d7dbade7217d281f2ab1986ad6a3c.exe
Drops file in Windows directory (13 IoCs)
  description | ioc | process
  File created | C:\Windows\winhash_up.exe | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\SHARE_TEMP\Icon7.ico | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\SHARE_TEMP\Icon12.ico | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File opened for modification | C:\Windows\winhash_up.exez | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\SHARE_TEMP\Icon6.ico | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\SHARE_TEMP\Icon14.ico | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\SHARE_TEMP\Icon2.ico | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\SHARE_TEMP\Icon3.ico | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\SHARE_TEMP\Icon10.ico | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\bugMAKER.bat | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\winhash_up.exez | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\SHARE_TEMP\Icon5.ico | 768d7dbade7217d281f2ab1986ad6a3c.exe
  File created | C:\Windows\SHARE_TEMP\Icon13.ico | 768d7dbade7217d281f2ab1986ad6a3c.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | process | procid_target
  PID 1820 wrote to memory of 2928 | 1820 | 768d7dbade7217d281f2ab1986ad6a3c.exe | 29
  PID 1820 wrote to memory of 2928 | 1820 | 768d7dbade7217d281f2ab1986ad6a3c.exe | 29
  PID 1820 wrote to memory of 2928 | 1820 | 768d7dbade7217d281f2ab1986ad6a3c.exe | 29
  PID 1820 wrote to memory of 2928 | 1820 | 768d7dbade7217d281f2ab1986ad6a3c.exe | 29
Processes
1. C:\Users\Admin\AppData\Local\Temp\768d7dbade7217d281f2ab1986ad6a3c.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\768d7dbade7217d281f2ab1986ad6a3c.exe"
   PID: 1820
   - Adds Run key to start application
   - Drops file in Windows directory
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      command line: cmd /c C:\Windows\bugMAKER.bat
      PID: 2928
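The behaviours recorded in the signatures and process tree above (a Run value written under the WOW64-redirected Wow6432Node key, drops into C:\Windows and C:\Windows\SHARE_TEMP, and a Temp-resident parent spawning cmd.exe on C:\Windows\bugMAKER.bat) translate directly into host telemetry rules. The Python below is an added example, not tria.ge output or code: it encodes those three indicators as rules over constructed Sysmon-style event dicts and returns which rule fired on which record. The field names (`type`, `image`, `target`, `data`, `path`, `parent_image`, `command_line`) and the benign control records are assumptions of this example, not taken from the report.

```python
import re

# Indicators transcribed from the report above.
RUN_VALUE_NAME = "Microsoft I Service"
DROPPED_FILES = {
    "c:\\windows\\winhash_up.exe",
    "c:\\windows\\winhash_up.exez",
    "c:\\windows\\bugmaker.bat",
}
ICON_DIR = "c:\\windows\\share_temp\\"

# Matches both the native and the WOW64-redirected (Wow6432Node) Run key.
RUN_KEY_RE = re.compile(
    r"\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
# cmd /c <something>.bat where the script sits directly in C:\Windows.
BAT_IN_WINDOWS_RE = re.compile(
    r'^cmd(\.exe)?\s+/c\s+"?c:\\windows\\[^\\]+\.bat"?', re.IGNORECASE)


def _norm(path: str) -> str:
    """Lower-case, unquoted, backslash-only path for comparison."""
    return path.strip('"').replace("/", "\\").lower()


def rule_run_key(ev: dict) -> bool:
    """Registry value set (Sysmon EID 13 style): a Run value that reuses this
    sample's value name or launches one of the files it drops."""
    if ev.get("type") != "registry_set":
        return False
    target = ev.get("target", "")
    if not RUN_KEY_RE.search(target):
        return False
    value_name = target.rsplit("\\", 1)[-1]
    data = _norm(ev.get("data", ""))
    return value_name == RUN_VALUE_NAME or any(data.startswith(p) for p in DROPPED_FILES)


def rule_file_drop(ev: dict) -> bool:
    """File create (Sysmon EID 11 style): a process running from the user's
    Temp directory writes into C:\\Windows or C:\\Windows\\SHARE_TEMP."""
    if ev.get("type") != "file_create":
        return False
    if not TEMP_DIR_RE.search(ev.get("image", "")):
        return False
    path = _norm(ev.get("path", ""))
    return path in DROPPED_FILES or path.startswith(ICON_DIR)


def rule_bat_child(ev: dict) -> bool:
    """Process create (Sysmon EID 1 style): a Temp-resident parent spawns
    cmd.exe to run a .bat living in C:\\Windows (bugMAKER.bat in this report)."""
    if ev.get("type") != "process_create":
        return False
    if not TEMP_DIR_RE.search(ev.get("parent_image", "")):
        return False
    is_cmd = _norm(ev.get("image", "")).endswith("\\cmd.exe")
    return is_cmd and BAT_IN_WINDOWS_RE.match(ev.get("command_line", "")) is not None


RULES = {
    "persistence_run_key": rule_run_key,
    "drop_into_windows_dir": rule_file_drop,
    "temp_parent_runs_bat": rule_bat_child,
}


def evaluate(events: list) -> list:
    """Return (rule_name, event_index) for every rule that fires on every event."""
    return [(name, i) for i, ev in enumerate(events) for name, fn in RULES.items() if fn(ev)]


# Constructed events mirroring the report, plus benign controls that must not fire.
SAMPLE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\768d7dbade7217d281f2ab1986ad6a3c.exe"
SAMPLE_EVENTS = [
    {"type": "registry_set", "image": SAMPLE,
     "target": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\Microsoft I Service",
     "data": "C:\\Windows\\winhash_up.exe /REGstart"},
    {"type": "file_create", "image": SAMPLE, "path": "C:\\Windows\\winhash_up.exe"},
    {"type": "file_create", "image": SAMPLE, "path": "C:\\Windows\\SHARE_TEMP\\Icon7.ico"},
    {"type": "file_create", "image": SAMPLE, "path": "C:\\Windows\\bugMAKER.bat"},
    {"type": "process_create", "parent_image": SAMPLE,
     "image": "C:\\Windows\\SysWOW64\\cmd.exe", "command_line": "cmd /c C:\\Windows\\bugMAKER.bat"},
    # benign controls (constructed)
    {"type": "registry_set", "image": "C:\\Program Files\\Vendor\\setup.exe",
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdater",
     "data": "C:\\Program Files\\Vendor\\updater.exe"},
    {"type": "file_create", "image": "C:\\Windows\\System32\\svchost.exe", "path": "C:\\Windows\\Temp\\x.tmp"},
    {"type": "process_create", "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd /c dir"},
]

if __name__ == "__main__":
    for name, idx in evaluate(SAMPLE_EVENTS):
        print(f"{name}: event {idx}")
```

Because the sample is 32-bit (arch:x86 in the resource tags, cmd.exe launched from SysWOW64), its HKLM\SOFTWARE writes are redirected to Wow6432Node; a hunt that only queries the native HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run view misses this persistence, which is why the key regex accepts both views.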
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 76B
MD5: 9bdee8255419187887ba109fc837788e
SHA1: 82869fc0c2ad582add4f85663c12d3dd913e3835
SHA256: 22aeda0a6f249add4158bd96f2578c515652b76eabd112c57c13c758eec8047e
SHA512: b7499e044c2d7bbaccff22c1985723f49a88efbfbe72d189af6dcaa15c86c8979533c146aa631034278310bbb7fdee7b98b4f18cbdeb795e222f5ac137db81a1