Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
26/01/2024, 10:10
Static task
static1
Behavioral task
behavioral1
Sample
7713d7e65cee32777074476ce0ae60f3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7713d7e65cee32777074476ce0ae60f3.exe
Resource
win10v2004-20231215-en
General
-
Target
7713d7e65cee32777074476ce0ae60f3.exe
-
Size
56KB
-
MD5
7713d7e65cee32777074476ce0ae60f3
-
SHA1
d6c22b03b38d0543ee4b68aad5bd79c29cb07d29
-
SHA256
451201c5d472b13678002880c71224bb3bec21a391f2d278d4fabbb5a1de4b83
-
SHA512
8218e6f3604bd7f91dd3f60fa60b7faf06296833fe7ce1bc16d27f1d29ff6b6751b20aa27e542e6f8343040cd80a6531dd6c7d320147c797ca32c5c7bf923895
-
SSDEEP
768:Rp7epb3EhwiDVnjNL2K1IfnrzMkg8vUF17HcAj9gOAKo0e:77epb3ESqLh1IzzMkggy17HcS9hpe
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2060 DllHost.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7713d7e65cee32777074476ce0ae60f3.exe"C:\Users\Admin\AppData\Local\Temp\7713d7e65cee32777074476ce0ae60f3.exe"1⤵PID:1736
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}1⤵
- Suspicious use of FindShellTrayWindow
PID:2060
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
MD5aeb08c926babf741f5e560d697b5d410
SHA1b5e212542ae1ba25d6e8e491dade6b575613815d
SHA256d42d4cf4d30dfbdb78e13472d0f05782bdf029c0481e3cffb2ee85caca0740bb
SHA512ebf8f251c68dd20d5ef19b1fc357046c44d547f8e3167900af1d5013e944a767ca3a9865d2c0780b464fdf64551578a70087f69ced67e2f9cc220b3215eed7ce