Analysis
max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 12/02/2024, 10:39
Static task: static1
Behavioral task: behavioral1
  Sample: 96f4ab5b8f0f34ba220c67ff076d8c39.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 96f4ab5b8f0f34ba220c67ff076d8c39.exe
  Resource: win10v2004-20231222-en
General
Target: 96f4ab5b8f0f34ba220c67ff076d8c39.exe
Size: 570KB
MD5: 96f4ab5b8f0f34ba220c67ff076d8c39
SHA1: a9de2ef2080d31a7bb988bd03715cdfad157f521
SHA256: 11b55d3f2d3d9e31080b00591a70f8657c8d197f811ff593b36fc356424d0262
SHA512: ce478b3f5f36bd10c330f44c844253cd6066f5e1c6b0b6df126aad0b9545bf7fd249f4cdc5b7bc48dade5ceb5615b75317d3993a2fb9a1e8653f4b8b05d0e8a2
SSDEEP: 12288:MJtxXpzNquXxf52Tp48Dskkl/nmXqY7EglxLthdM7W3vDbU:wt7JDB52lf3w+XqY7NlZdiiU
Malware Config
Signatures
Checks BIOS information in registry (2 TTPs, 1 IoCs)
BIOS information is often read in order to detect sandboxing environments.
  description: Key value queried
  ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
  Process: 96f4ab5b8f0f34ba220c67ff076d8c39.exe

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Maps connected drives based on registry (3 TTPs, 2 IoCs)
Disk information is often read in order to detect sandboxing environments.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum
  Process: 96f4ab5b8f0f34ba220c67ff076d8c39.exe

  description: Key value queried
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0
  Process: 96f4ab5b8f0f34ba220c67ff076d8c39.exe
Modifies Internet Explorer settings
  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main
  Process: 96f4ab5b8f0f34ba220c67ff076d8c39.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description: Token: 33
  pid: 2972
  Process: 96f4ab5b8f0f34ba220c67ff076d8c39.exe

  description: Token: SeIncBasePriorityPrivilege
  pid: 2972
  Process: 96f4ab5b8f0f34ba220c67ff076d8c39.exe

Suspicious use of SetWindowsHookEx (13 IoCs)
  pid: 2972
  Process: 96f4ab5b8f0f34ba220c67ff076d8c39.exe (13 identical entries)
Processes
C:\Users\Admin\AppData\Local\Temp\96f4ab5b8f0f34ba220c67ff076d8c39.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\96f4ab5b8f0f34ba220c67ff076d8c39.exe"
  PID: 2972
  - Checks BIOS information in registry
  - Maps connected drives based on registry
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx