Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/02/2024, 15:25

General

  • Target

    8cae2dad61468a6f06532c0b3c31dc2f.exe

  • Size

    41KB

  • MD5

    8cae2dad61468a6f06532c0b3c31dc2f

  • SHA1

    9853e991c624e28d895b1987e6f55d6f84b28111

  • SHA256

    3b938923d8848cd0a5214af4de490023fa15804ab6b4a43a9f1349d4091fb91e

  • SHA512

    4355a245daa5bd55ab12975bf601d5326db8704fee2b66c31e30c910316b64fc1cd00def8547610b541b6aecc9850f67170d6ada245755c382e69286c6fae535

  • SSDEEP

    768:kpMgLdU/NZk+prtZdGeFh9IbJyEkL3m7geHf+5qx8MT0ez8MOp4+0AaQyFZ:0MgLUNZk+zxhOQY7geSc8sl4MU4+Hu

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cae2dad61468a6f06532c0b3c31dc2f.exe
    "C:\Users\Admin\AppData\Local\Temp\8cae2dad61468a6f06532c0b3c31dc2f.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\SysWOW64\ctfmons.exe
      "C:\Windows\system32\ctfmons.exe"
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2448
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c dEl C:\Windows\SysWOW64\ctfmons.exe > nul
        3⤵
          PID:2680
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c dEl C:\Users\Admin\AppData\Local\Temp\8CAE2D~1.EXE > nul
        2⤵
        • Deletes itself
        PID:2732

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\SysWOW64\drivers\beep.sys

    Filesize

    4KB

    MD5

    3d00f7839900257e673e9a1735f7b401

    SHA1

    286a7c3e74951e1b0cee224a49518d923d5999a6

    SHA256

    5b64c0ff485ce9ca1710e1fc935a41f70b1d758bb2a51ab7caeddc5a770ef850

    SHA512

    c44a859e5d85d3473376639d80588902e3354ed416be34fd2f868202012cdbe76ce061acafc48b0eac279c3d0933a24f9d9b6fdaf0f1d569af7551999726ee5b

  • \Windows\SysWOW64\ctfmons.exe

    Filesize

    41KB

    MD5

    8cae2dad61468a6f06532c0b3c31dc2f

    SHA1

    9853e991c624e28d895b1987e6f55d6f84b28111

    SHA256

    3b938923d8848cd0a5214af4de490023fa15804ab6b4a43a9f1349d4091fb91e

    SHA512

    4355a245daa5bd55ab12975bf601d5326db8704fee2b66c31e30c910316b64fc1cd00def8547610b541b6aecc9850f67170d6ada245755c382e69286c6fae535