Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
28/01/2024, 03:34
Behavioral task
behavioral1
Sample
7c0a7ee9adc543002bfbd44f76d3d16b.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7c0a7ee9adc543002bfbd44f76d3d16b.exe
Resource
win10v2004-20231215-en
General
Target
7c0a7ee9adc543002bfbd44f76d3d16b.exe
Size
841KB
MD5
7c0a7ee9adc543002bfbd44f76d3d16b
SHA1
2e2767f7009b9f0f2188846f6b04b7aa4370ef09
SHA256
147695187ec56632857679d42fa7ccfbb79bc3ada3410b99624041e29e269aa9
SHA512
473aabf590887a35d917e2760542b5f2ffb0ddbb4fe92dfaa354855ec0f12d9c256c5a64a4ee06b6b61199c38a73356107ec8472a45d8446e81da25a511dc8f1
SSDEEP
12288:TGWVC/ONsG69GtAFS5zJCxihkIPIC09tP54khIdokA2efYaDL:90WX69GtAgIX36dod1YaDL
Malware Config
Signatures
resource / yara_rule
behavioral1/memory/1304-0-0x0000000000A10000-0x0000000000C86000-memory.dmp / upx
behavioral1/memory/1304-20-0x0000000000A10000-0x0000000000C86000-memory.dmp / upx
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
description / ioc / Process
Key created / \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main / 7c0a7ee9adc543002bfbd44f76d3d16b.exe
Key created / \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch / 7c0a7ee9adc543002bfbd44f76d3d16b.exe
Set value (str) / \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" / 7c0a7ee9adc543002bfbd44f76d3d16b.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid / Process
1304 / 7c0a7ee9adc543002bfbd44f76d3d16b.exe
Suspicious use of SendNotifyMessage 1 IoCs
pid / Process
1304 / 7c0a7ee9adc543002bfbd44f76d3d16b.exe
Suspicious use of SetWindowsHookEx 13 IoCs
pid / Process
1304 / 7c0a7ee9adc543002bfbd44f76d3d16b.exe (13 identical entries)
Processes
Process
C:\Users\Admin\AppData\Local\Temp\7c0a7ee9adc543002bfbd44f76d3d16b.exe
Command line
"C:\Users\Admin\AppData\Local\Temp\7c0a7ee9adc543002bfbd44f76d3d16b.exe"
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1304
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
12KB
MD5
6eb05dd8dac412dde3c7c4c77fa795c2
SHA1
4a394aed261ac257c6def15e3b199bbdef869c4d
SHA256
14bac8532e27adf9f8a0645e953b6dbddbeffe0836de6ee53bedb4d6c3a8799e
SHA512
558e994205bd1a96c74d116e79f474b6ffd44f29545276fa122275d4c6c0bc24706e842ea6ebe729fcfd44a9fe5c01a3984dc75d94fddde8678520605395fc50