Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/01/2024, 09:49

Static task: static1
Behavioral task behavioral1: sample 7f8752275db16d2826dc34298bb0ffc2.exe, resource win7-20231215-en
Behavioral task behavioral2: sample 7f8752275db16d2826dc34298bb0ffc2.exe, resource win10v2004-20231215-en
General
Target: 7f8752275db16d2826dc34298bb0ffc2.exe
Size: 36KB
MD5: 7f8752275db16d2826dc34298bb0ffc2
SHA1: 6054564884a40da4ad41515606236fe3d77b6805
SHA256: 726117aa1aebcfd50982ca7f2c732094d278669d3390e84ea5f5b791ee02865f
SHA512: c70eae28d978ea0fd9a0967ae0c0bb1b4d32d53762f4f2f4a6cdc77c84ed05b9a314668c131cdb1470d4adb8fe8d719beee7efb0b7d4a294c8987a47140a70a2
SSDEEP: 384:xU1LS3JJbv1NpwMSI4YauAncwdpOmzwgZVmWa8mfetDysSoDlI:6S3Jl1N2ssomN39z1
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 4272, process IEHelp.exe
Drops file in Program Files directory (2 IoCs)
  File created: C:\Program Files (x86)\Internet Explorer\IEHelp.exe, process 7f8752275db16d2826dc34298bb0ffc2.exe
  File opened for modification: C:\Program Files (x86)\Internet Explorer\IEHelp.exe, process 7f8752275db16d2826dc34298bb0ffc2.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 4172, process 7f8752275db16d2826dc34298bb0ffc2.exe
  pid 4272, process IEHelp.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  PID 4172 wrote to memory of 4272: pid 4172, process 7f8752275db16d2826dc34298bb0ffc2.exe, procid_target 86
  PID 4172 wrote to memory of 4272: pid 4172, process 7f8752275db16d2826dc34298bb0ffc2.exe, procid_target 86
  PID 4172 wrote to memory of 4272: pid 4172, process 7f8752275db16d2826dc34298bb0ffc2.exe, procid_target 86
Processes
1. C:\Users\Admin\AppData\Local\Temp\7f8752275db16d2826dc34298bb0ffc2.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\7f8752275db16d2826dc34298bb0ffc2.exe"
   PID: 4172
   - Drops file in Program Files directory
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
2. (child of 1) C:\Program Files (x86)\Internet Explorer\IEHelp.exe
   Command line: "C:\Program Files (x86)\Internet Explorer\IEHelp.exe"
   PID: 4272
   - Executes dropped EXE
   - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
  Filesize: 36KB
  MD5: 7f8752275db16d2826dc34298bb0ffc2
  SHA1: 6054564884a40da4ad41515606236fe3d77b6805
  SHA256: 726117aa1aebcfd50982ca7f2c732094d278669d3390e84ea5f5b791ee02865f
  SHA512: c70eae28d978ea0fd9a0967ae0c0bb1b4d32d53762f4f2f4a6cdc77c84ed05b9a314668c131cdb1470d4adb8fe8d719beee7efb0b7d4a294c8987a47140a70a2
File 2
  Filesize: 1KB
  MD5: 68a15b1217391fe160ce2baab9fe80c2
  SHA1: 60a90f07515c6e39c9d4d6d7084f7960775af01b
  SHA256: 37e79cd41c9b19fbc02454d7defe8c1a3bde4b1ee9f9e217bc53593781b6f0e1
  SHA512: 13f216e1af9e62f80e2db72a14f6da56efdf36c7b06e5d46b87937630d610086d966ed5c1bdeda9ddea70ad992e83291ca5510387fdc3a2dd6a034cdc96fc3bd