Analysis
- max time kernel: 119s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 04/03/2024, 14:05
- Static task: static1
- Behavioral task: behavioral1 (Sample: b250c295ec5bfe1575a29b350a13f688.exe, Resource: win7-20240221-en)
- Behavioral task: behavioral2 (Sample: b250c295ec5bfe1575a29b350a13f688.exe, Resource: win10v2004-20240226-en)
General
- Target: b250c295ec5bfe1575a29b350a13f688.exe
- Size: 16KB
- MD5: b250c295ec5bfe1575a29b350a13f688
- SHA1: 53e9d3a4c431cf61a4bbea7eb35a22ce1f4a07d8
- SHA256: 1b41a17f665da5aa94b2ca75031ade1dd760c8a6bf95e4a5e4cb0563e6200dc5
- SHA512: cc6e74b5464c087060947aae65482d727cf28a98c3b6821cb06aefb4988f09c54c385fab95ea0958a8d2d755efbfdc2d1526f53f5464e7d8aa4a9cabad06b519
- SSDEEP: 384:7lD5mskFAElC7coxnWRXSWCAc7Hq/Umjcodt6dIY:oFMxWjCtJmJvDY
Malware Config
Signatures
- Adds policy Run key to start application (2 TTPs, 2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\explorer\run | b250c295ec5bfe1575a29b350a13f688.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\nvctrl.exe = "nvctrl.exe" | b250c295ec5bfe1575a29b350a13f688.exe
- Loads dropped DLL (2 IoCs)
  pid | Process
  1400 | b250c295ec5bfe1575a29b350a13f688.exe
  1400 | b250c295ec5bfe1575a29b350a13f688.exe
- Installs/modifies Browser Helper Object (2 TTPs, 6 IoCs)
  BHOs are DLL modules which act as plugins for Internet Explorer.
  description | ioc | Process
  Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} | b250c295ec5bfe1575a29b350a13f688.exe
  Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} | b250c295ec5bfe1575a29b350a13f688.exe
  Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | b250c295ec5bfe1575a29b350a13f688.exe
  Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22} | b250c295ec5bfe1575a29b350a13f688.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\ | b250c295ec5bfe1575a29b350a13f688.exe
  Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} | b250c295ec5bfe1575a29b350a13f688.exe
- Drops file in System32 directory (4 IoCs)
  description | ioc | Process
  File created | C:\Windows\SysWOW64\hp8BDB.tmp | b250c295ec5bfe1575a29b350a13f688.exe
  File opened for modification | C:\Windows\SysWOW64\ncompat.tlb | b250c295ec5bfe1575a29b350a13f688.exe
  File created | C:\Windows\SysWOW64\ncompat.tlb | b250c295ec5bfe1575a29b350a13f688.exe
  File created | C:\Windows\SysWOW64\interf.tlb | b250c295ec5bfe1575a29b350a13f688.exe
- Modifies Internet Explorer settings (3 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | b250c295ec5bfe1575a29b350a13f688.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Search | b250c295ec5bfe1575a29b350a13f688.exe
  Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchUrl | b250c295ec5bfe1575a29b350a13f688.exe
- Modifies Internet Explorer start page (1 TTPs, 1 IoCs)
  description | ioc | Process
  Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "about:blank" | b250c295ec5bfe1575a29b350a13f688.exe
- Modifies registry class (7 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID | b250c295ec5bfe1575a29b350a13f688.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} | b250c295ec5bfe1575a29b350a13f688.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}\ = "Nothing" | b250c295ec5bfe1575a29b350a13f688.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}\InprocServer32 | b250c295ec5bfe1575a29b350a13f688.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}\InprocServer32\ = "C:\\Windows\\SysWow64\\hp8BDB.tmp" | b250c295ec5bfe1575a29b350a13f688.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}\InprocServer32\ThreadingModel = "Apartment" | b250c295ec5bfe1575a29b350a13f688.exe
  Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}\InprocServer32 | b250c295ec5bfe1575a29b350a13f688.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\b250c295ec5bfe1575a29b350a13f688.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b250c295ec5bfe1575a29b350a13f688.exe"
  PID: 1400
  - Adds policy Run key to start application
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Drops file in System32 directory
  - Modifies Internet Explorer settings
  - Modifies Internet Explorer start page
  - Modifies registry class
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 30KB
  MD5: aaa4d8f2e5259a64da931b1d99d2a615
  SHA1: 608acb7476ff36f0a7f4254888fe15fa8403097c
  SHA256: c1951c3add8a86ffff249160c215f1da19c55b25a389856d26925ebe4941732c
  SHA512: 4211beba14922a36284a74526d7cec77b089d225dd624ecd2f335e5880753d70b15e2518c5bda39846cedf94ab2058a0fe07451dc393c327031b86640cc74d8d
- Filesize: 6KB
  MD5: aa8c73f100420cbdfda7ddc4c036d3b5
  SHA1: fb9d2a76b38464147cd754dafd50878b869876ff
  SHA256: 54db2eb0c7e7bf1b533b58f48a1f1af54fe3df1c2e48de20f1864cc442b5f63b
  SHA512: e97532d2ced7897e097892de51d36f254d4b01b2ff9c9bfaee6ff661172acde7837dbb530b129dca0bad9f9c65f0109544f4da73e04f137845ccf21dae10880a