Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
124s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
12/02/2024, 09:01
Static task
static1
Behavioral task
behavioral1
Sample
96c6eadca7e2d7b618f5dd924b37fe0a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
96c6eadca7e2d7b618f5dd924b37fe0a.exe
Resource
win10v2004-20231222-en
General
-
Target
96c6eadca7e2d7b618f5dd924b37fe0a.exe
-
Size
304KB
-
MD5
96c6eadca7e2d7b618f5dd924b37fe0a
-
SHA1
6648a7b39466892f58dd10462bf06e5a83484ae2
-
SHA256
4642428a97735be8232efcb4f673c955a1eac65290987f28810d045a94f3b67e
-
SHA512
2ff3dbe35b553c6d34b0c40f9bd5f00a27977859995cd7205f5082d7c719faca88c6ea97d3c7df0c9b684a1898491036597219ee7aba3dead94f946b97a891bb
-
SSDEEP
6144:a8hg7V2//I/LOpqLV5HxY3R5n62+kxiO/bE:aCkVg/I68V5HxY3b6V+iO
Malware Config
Signatures
-
Drops file in Drivers directory 1 IoCs
description ioc Process File opened for modification C:\WINDOWS\system32\drivers\etc\service5.ini 96c6eadca7e2d7b618f5dd924b37fe0a.exe -
Loads dropped DLL 3 IoCs
pid Process 2212 96c6eadca7e2d7b618f5dd924b37fe0a.exe 2212 96c6eadca7e2d7b618f5dd924b37fe0a.exe 2212 96c6eadca7e2d7b618f5dd924b37fe0a.exe -
Drops file in Program Files directory 8 IoCs
description ioc Process File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\RCXC41A.tmp 96c6eadca7e2d7b618f5dd924b37fe0a.exe File opened for modification C:\Program Files\Windows NT\sms_log.txt 96c6eadca7e2d7b618f5dd924b37fe0a.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.txt 96c6eadca7e2d7b618f5dd924b37fe0a.exe File opened for modification C:\Program Files\Windows NT\service6.ini 96c6eadca7e2d7b618f5dd924b37fe0a.exe File created C:\Program Files (x86)\Microsoft Office\Office14\iaanotif.exe 96c6eadca7e2d7b618f5dd924b37fe0a.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\iaanotif.exe 96c6eadca7e2d7b618f5dd924b37fe0a.exe File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe 96c6eadca7e2d7b618f5dd924b37fe0a.exe File created C:\Program Files (x86)\Microsoft Office\Office14\temp.txt 96c6eadca7e2d7b618f5dd924b37fe0a.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main 96c6eadca7e2d7b618f5dd924b37fe0a.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2212 96c6eadca7e2d7b618f5dd924b37fe0a.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2212 96c6eadca7e2d7b618f5dd924b37fe0a.exe 2212 96c6eadca7e2d7b618f5dd924b37fe0a.exe 2212 96c6eadca7e2d7b618f5dd924b37fe0a.exe 2212 96c6eadca7e2d7b618f5dd924b37fe0a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\96c6eadca7e2d7b618f5dd924b37fe0a.exe"C:\Users\Admin\AppData\Local\Temp\96c6eadca7e2d7b618f5dd924b37fe0a.exe"1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2212
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
308KB
MD533e6d54df6223c195072ed139881fdb8
SHA11b4ca928713ab45a78c2ba989cad31e39bb581bf
SHA25660ed8e339c5b30ead1ed1b1fae6b5549a3ec43e73c016013f3fdfc7a125756c5
SHA51209b0ca0fd5f45c714d1893e9b4bea197b2bf3ecfc8f556274f689e6b044a36aaef521fe3f14b593aeb38e387a41e7804958a3721f15348fd0c970702fbcd3788
-
Filesize
89KB
MD5901aa7a38ce13f14b6bbec38c0595698
SHA16abd81a46557f72680eb9e5fc74223b8c9c32088
SHA2561e95f2048e2a1782807d52e9816ed267355718e24d01ff07ace73d965ede388a
SHA51234bb4f656423021873363ec8dd1908fd1d01017e607ff8bc79fea3176ffb18f3281dcf21f7bedcd96c4ddbcff70bb2943435a18e31ddfb6f6c5bd226bf901672