Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 04/03/2024, 14:01
Static task
- static1

Behavioral task
- behavioral1
  - Sample: b24e56406167cb4cb867caa07ccdbc62.exe
  - Resource: win7-20240215-en

Behavioral task
- behavioral2
  - Sample: b24e56406167cb4cb867caa07ccdbc62.exe
  - Resource: win10v2004-20240226-en
General
- Target: b24e56406167cb4cb867caa07ccdbc62.exe
- Size: 67KB
- MD5: b24e56406167cb4cb867caa07ccdbc62
- SHA1: 9f28a7f305c84b29c2e615ee814d99e660993b81
- SHA256: e07d2fe13ff0877fbf1b883e8ba29381a1925fa1b7e1d31caa98737973b89c4f
- SHA512: beb9c343e0a4ac4fb36197915063faa10b419691069c73672b3dae37c14275e8be098d1ef584e5dc21d9609880100dbf7876d72c61cfe632d6da00c354075b15
- SSDEEP: 1536:pvYKJoteon6I/FDq7BdKCPsttEWi2Ny6Z8ofPatOl+JOpTM:RdJweo6SO7BsCPTP2NytoGslM
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  - PID 1772, process b24e56406167cb4cb867caa07ccdbc62.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  - Set value (str): \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\Java = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b24e56406167cb4cb867caa07ccdbc62.exe" (process b24e56406167cb4cb867caa07ccdbc62.exe)
- Suspicious use of SetThreadContext (2 IoCs)
  - PID 1772 set thread context of 2312 (process b24e56406167cb4cb867caa07ccdbc62.exe, procid_target 28)
  - PID 2312 set thread context of 2584 (process b24e56406167cb4cb867caa07ccdbc62.exe, procid_target 29)
- Suspicious use of SetWindowsHookEx (1 IoC)
  - PID 2584, process b24e56406167cb4cb867caa07ccdbc62.exe
- Suspicious use of WriteProcessMemory (17 IoCs)
  - PID 1772 wrote to memory of 2312 (process b24e56406167cb4cb867caa07ccdbc62.exe, procid_target 28): 8 occurrences
  - PID 2312 wrote to memory of 2584 (process b24e56406167cb4cb867caa07ccdbc62.exe, procid_target 29): 9 occurrences
Processes
- C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe (PID 1772, depth 1)
  - command line: "C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe"
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - child: C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe (PID 2312, depth 2)
    - command line: "C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe"
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    - child: C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe (PID 2584, depth 3)
      - command line: "C:\Users\Admin\AppData\Local\Temp\b24e56406167cb4cb867caa07ccdbc62.exe"
      - Adds Run key to start application
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 2KB
  - MD5: 3880aef024abe7cca3ecb15767f421d0
  - SHA1: 926a21081dd46c9b45b167f3a546289dd0fc7a70
  - SHA256: af98bc11be94606f859b595fdd977f904c3cba2a48017fdcf54c3b6170534811
  - SHA512: f0f5acee55bb65d0e26d9e89e118c9399347bfcd56039e140af904aa5dffe519c13bff47bc1bfa08163ddab1b6712e6867f18379b878a7623b4b1d030a26c15e