Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel: 119s
  max time network: 123s
  platform: windows7_x64
  resource: win7-20231215-en
  resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  submitted: 26/01/2024, 17:19 UTC
Static task: static1

Behavioral task: behavioral1
  Sample: 77efbb0ae28325ae8765c2e00f79566f.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 77efbb0ae28325ae8765c2e00f79566f.exe
  Resource: win10v2004-20231222-en
General
  Target: 77efbb0ae28325ae8765c2e00f79566f.exe
  Size: 1.2MB
  MD5: 77efbb0ae28325ae8765c2e00f79566f
  SHA1: 9db3f690278e5f1df87314c5e02147e87599f200
  SHA256: 2227d9ea56b3af66b980be46d582547c43acdde9670874bea48c374b7afc4078
  SHA512: 4a3363c4e2c0dec0f2eb368386adbe29c4a41b0866bcffd14643342555f4a9bced7e6bc874b5febd4ed4e26a3d62ff29f2cefcf2265cb1c462bbc550314e2233
  SSDEEP: 24576:pAbMSe0NArZRTldLRxpyg9fKPlU0Lw62uT+x1fWp2vI:pONerTtvLMw62THI
Malware Config
Signatures

Checks BIOS information in registry (2 TTPs, 1 IoC)
  BIOS information is often read in order to detect sandboxing environments.
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion  (Process: 77efbb0ae28325ae8765c2e00f79566f.exe)

Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Maps connected drives based on registry (3 TTPs, 2 IoCs)
  Disk information is often read in order to detect sandboxing environments.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum  (Process: 77efbb0ae28325ae8765c2e00f79566f.exe)
  Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0  (Process: 77efbb0ae28325ae8765c2e00f79566f.exe)
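Why a sample reads exactly these two values: a hypervisor or sandbox image usually leaves its vendor string in SystemBiosVersion and in the disk hardware IDs enumerated under Disk\Enum, so a single substring match on either is a cheap "am I being analysed" test. The Python below is an added example, not code from the report or from the sample. It applies that substring check to constructed values (a VirtualBox guest and a physical host, both made up for this example) and, when run on Windows, can read the live values through winreg. The marker list is an illustrative assumption, not a complete catalogue.

```python
"""VM/sandbox indicator check over the two registry artefacts the sample queried.
Added example; the marker list and sample values are illustrative assumptions."""
import sys
from typing import Dict, List, Optional, Tuple

BIOS_KEY = r"HARDWARE\DESCRIPTION\System"
BIOS_VALUE = "SystemBiosVersion"
DISK_KEY = r"SYSTEM\ControlSet001\Services\Disk\Enum"

# Substrings that hypervisors and sandboxes commonly leave in these values.
# Illustrative, not exhaustive.
VM_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS",
              "XEN", "HYPER-V", "VRTUAL", "PARALLELS", "VIRTUAL")


def find_vm_markers(bios_version: List[str], disk_enum: Dict[str, str]) -> List[str]:
    """Return sorted 'source:marker' hits, mirroring the check an evasive sample runs.

    bios_version: the REG_MULTI_SZ lines of SystemBiosVersion.
    disk_enum:    value name -> data under Disk\\Enum ('Count', 'NextInstance', '0', ...).
    """
    hits = set()
    for line in bios_version:
        upper = line.upper()
        hits.update(f"{BIOS_VALUE}:{m}" for m in VM_MARKERS if m in upper)
    for name, data in disk_enum.items():
        if not name.isdigit():          # only the per-device entries carry hardware IDs
            continue
        upper = data.upper()
        hits.update(f"Disk\\Enum\\{name}:{m}" for m in VM_MARKERS if m in upper)
    return sorted(hits)


def read_live_values() -> Optional[Tuple[List[str], Dict[str, str]]]:
    """Read the real values through winreg; returns None when not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only module
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as key:
        bios, _ = winreg.QueryValueEx(key, BIOS_VALUE)      # REG_MULTI_SZ -> list of str
    disk: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, DISK_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:             # raised once the value list is exhausted
                break
            disk[name] = str(data)
            index += 1
    return list(bios), disk


# Constructed sample values (not taken from the report).
SAMPLE_VBOX_GUEST = (
    ["VBOX   - 1"],
    {"Count": "1", "NextInstance": "1",
     "0": r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1234abcd&0&0.0.0"},
)
SAMPLE_PHYSICAL_HOST = (
    ["LENOVO - 1380", "N2HET52W (1.35 )"],
    {"Count": "1", "NextInstance": "1",
     "0": r"SCSI\Disk&Ven_NVMe&Prod_SAMSUNG_MZVLB512\4&3a3b3c3d&0&000000"},
)

if __name__ == "__main__":
    live = read_live_values()
    bios, disk = live if live else SAMPLE_VBOX_GUEST
    print("live values" if live else "constructed VirtualBox values")
    print(find_vm_markers(bios, disk) or ["no VM markers found"])
```

The practical consequence cuts both ways: a sandbox image that wants this sample to run its second stage has to present vendor-realistic strings in both locations, and on the detection side a freshly dropped executable in %TEMP% querying SystemBiosVersion and Disk\Enum\0 back to back is a cheap hunting lead, since ordinary user software has little reason to read either.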
Suspicious use of SetThreadContext (1 IoC)
  PID 2540 set thread context of 2088  (Process: 77efbb0ae28325ae8765c2e00f79566f.exe, procid_target: 28)
Modifies Internet Explorer settings (1 IoC)
  Key created: \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main  (Process: 77efbb0ae28325ae8765c2e00f79566f.exe)
Suspicious use of SetWindowsHookEx (6 IoCs)
  pid 2088, Process 77efbb0ae28325ae8765c2e00f79566f.exe  (6 identical entries)

Suspicious use of WriteProcessMemory (11 IoCs)
  PID 2540 wrote to memory of 2088  (Process: 77efbb0ae28325ae8765c2e00f79566f.exe, procid_target: 28; 11 identical entries)
Processes

  C:\Users\Admin\AppData\Local\Temp\77efbb0ae28325ae8765c2e00f79566f.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\77efbb0ae28325ae8765c2e00f79566f.exe"
    PID: 2540
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\77efbb0ae28325ae8765c2e00f79566f.exe  (child of PID 2540)
      Command line: "C:\Users\Admin\AppData\Local\Temp\77efbb0ae28325ae8765c2e00f79566f.exe" Track=""
      PID: 2088
      - Checks BIOS information in registry
      - Maps connected drives based on registry
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
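Read together, the signature rows and the process tree tell one story: PID 2540 starts a second copy of its own image, writes into it 11 times, sets its thread context once, and it is the child (2088) that then performs the registry checks and installs the window hook. The report does not name the technique, but create + write + set-context on a self-spawned child is the shape of process hollowing (RunPE-style injection), so it is worth correlating the three signatures into one finding rather than reading them as three separate "suspicious API use" hits. The Python below is an added example, not part of the report or the sample: the event list is transcribed from the rows above into a layout of this example's own (not Triage's export format), and a constructed contrast case shows that create + write alone is not enough to fire.

```python
"""Correlate per-process memory/thread events into a self-injection finding.
Added example; the event layout is this example's own, not Triage's export format."""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple


class Event(NamedTuple):
    pid: int        # acting process
    action: str     # create_process | write_memory | set_thread_context | ...
    target: int     # process acted upon


IMG = r"C:\Users\Admin\AppData\Local\Temp\77efbb0ae28325ae8765c2e00f79566f.exe"

# Transcribed from the report: PID 2540 spawned 2088 from the same image, wrote to
# its memory 11 times and set its thread context once.
REPORT_IMAGES: Dict[int, str] = {2540: IMG, 2088: IMG}
REPORT_EVENTS: List[Event] = (
    [Event(2540, "create_process", 2088)]
    + [Event(2540, "write_memory", 2088)] * 11
    + [Event(2540, "set_thread_context", 2088)]
)


def detect_self_injection(events: Iterable[Event], images: Dict[int, str]) -> List[dict]:
    """One finding per (source, target) pair that shows create + write + set-context.

    All three on the same pair is what turns isolated API hits into a hypothesis:
    the parent created the child, filled it with data of its choosing, then pointed
    a thread at that data. A same-image child is the classic self-hollowing shape;
    a different image is still injection into a child process.
    """
    counts: Dict[tuple, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for ev in events:
        counts[(ev.pid, ev.target)][ev.action] += 1

    findings = []
    for (src, dst), c in counts.items():
        if src == dst:
            continue                                   # a process touching itself is normal
        if not (c["create_process"] and c["write_memory"] and c["set_thread_context"]):
            continue                                   # need all three on the same pair
        same_image = images.get(src) is not None and images.get(src) == images.get(dst)
        findings.append({
            "source": src,
            "target": dst,
            "writes": c["write_memory"],
            "same_image": same_image,
            "verdict": ("suspected process hollowing of a self-spawned child"
                        if same_image else "suspected injection into a child process"),
        })
    return findings


# Constructed contrast case (not from the report): a parent that spawns a helper and
# writes into it but never redirects a thread. Two of three signals; not flagged.
BENIGN_EVENTS = [Event(100, "create_process", 101), Event(100, "write_memory", 101)]
BENIGN_IMAGES = {100: r"C:\Program Files\Vendor\launcher.exe",
                 101: r"C:\Program Files\Vendor\worker.exe"}

if __name__ == "__main__":
    for finding in detect_self_injection(REPORT_EVENTS, REPORT_IMAGES):
        print(finding)
    print("contrast case:", detect_self_injection(BENIGN_EVENTS, BENIGN_IMAGES))
```

In production the events come from EDR or Sysmon-style telemetry rather than a sandbox report, but the correlation key (acting PID, target PID) and the three-signal requirement stay the same; the same-image test is what separates this pattern from a debugger or an installer that legitimately writes into a child of a different image.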
Network
MITRE ATT&CK Enterprise v15
Downloads

  Filesize: 1KB
  MD5: 8c0f1937b2c84eed588ceaf5fa5d9b24
  SHA1: d655412f53d0bf84e25d7acb869ecec875ec6b16
  SHA256: c881ec2c2c63b6c6ec2e202d422ad979aac5ce0566dc2394e3ad8763b1d3b075
  SHA512: 257edfc7eedf71a062326f43660bdc47b3dd05b71b74926349f3f64b4b0149088126d9313872cdb85af059a6591d05e42b6342c415bb1edf71a5e9b2768bfa54