Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 155s
max time network: 127s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06/03/2024, 10:38
Static task: static1
Behavioral task: behavioral1
  Sample: b7368dd122603bed29fec5b82265c609.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b7368dd122603bed29fec5b82265c609.exe
  Resource: win10v2004-20240226-en
General
Target: b7368dd122603bed29fec5b82265c609.exe
Size: 140KB
MD5: b7368dd122603bed29fec5b82265c609
SHA1: a18251d99908525f9e267146d1c02a14308eba09
SHA256: c8fbeaada8d1ec3bd622e253848e2c47c55bbef41f950a217162ca1d9e24fbf7
SHA512: 54ff5bb92f2dd6c0b88f56fc0f4cc63556af82117b4091976b2833a4ae3710e33fd44f9b5fb43f4dc777d1d5aea270a7605a97a7ad9899899bcea090aff7232c
SSDEEP: 1536:Z6bA6d3s4ggvCNmI33PE6TFmymwcsAuK77fT1ldCNJNcCsEvx1UnoYxuvlwzS5Zp:Z6CzvUI3/SJwcV17fT5CztTU6luIZ
Malware Config
Signatures
Drops file in Windows directory (1 IoC)
  description: File created
  ioc: C:\Windows\Tasks\Tune-up Application Service.job
  process: b7368dd122603bed29fec5b82265c609.exe

Modifies data under HKEY_USERS (2 IoCs)
  description: Key created
  ioc: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer
  process: b7368dd122603bed29fec5b82265c609.exe

  description: Set value (int)
  ioc: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ProcSegment = "1"
  process: b7368dd122603bed29fec5b82265c609.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
  PID 1772  b7368dd122603bed29fec5b82265c609.exe
  PID 524   b7368dd122603bed29fec5b82265c609.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 1124 wrote to memory of 524
  pid: 1124
  process: taskeng.exe
  procid_target: 31
  (the same event is recorded four times)
Processes
C:\Users\Admin\AppData\Local\Temp\b7368dd122603bed29fec5b82265c609.exe (PID 1772, top level)
  Command line: "C:\Users\Admin\AppData\Local\Temp\b7368dd122603bed29fec5b82265c609.exe"
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx

C:\Windows\system32\taskeng.exe (PID 1124, top level)
  Command line: taskeng.exe {0E5E1DB5-49CE-4FE4-B501-45ABD5A46600} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\b7368dd122603bed29fec5b82265c609.exe (PID 524, child of taskeng.exe)
    Command line: C:\Users\Admin\AppData\Local\Temp\b7368dd122603bed29fec5b82265c609.exe
    - Modifies data under HKEY_USERS
    - Suspicious use of SetWindowsHookEx
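The signatures and process tree above describe one persistence chain: the sample drops a legacy Task Scheduler 1.0 job file into C:\Windows\Tasks, taskeng.exe (running for S-1-5-18, NT AUTHORITY\System) later launches a second copy of the sample from the user's Temp directory, and that copy writes a marker under HKU\.DEFAULT, the hive that backs the LocalSystem profile. As an added example that is not part of the Triage report and not Triage's own detection logic, the Python below turns those three observations into host-telemetry checks and runs them over constructed Sysmon-like events that mirror the report. The event field names, the explorer.exe and svchost.exe parents of the top-level processes, and the benign noise events are assumptions; the paths, PIDs, registry key and hashes are taken from the report.

```python
"""Host-telemetry checks derived from the Triage report above.

Added example, not Triage's detection code. Event dicts are constructed in a
Sysmon-like shape; the field names (type, pid, image, parent_image, path, key)
are an assumption, as are the parents of the two top-level processes.
"""
import re
from typing import Iterable, List

# Hashes from the report's General section; any one identifies the 140KB sample.
SAMPLE_HASHES = {
    "md5": "b7368dd122603bed29fec5b82265c609",
    "sha1": "a18251d99908525f9e267146d1c02a14308eba09",
    "sha256": "c8fbeaada8d1ec3bd622e253848e2c47c55bbef41f950a217162ca1d9e24fbf7",
}

# Task Scheduler 1.0 (AT-style) jobs live in C:\Windows\Tasks as *.job files.
LEGACY_JOB_RE = re.compile(r"^c:\\windows\\tasks\\[^\\]+\.job$", re.IGNORECASE)
# Anything executed out of a user's %TEMP%.
USER_TEMP_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)
# HKU\.DEFAULT is the LocalSystem profile hive; accept both the HKU alias and
# the native \REGISTRY\USER form that Triage prints.
HKU_DEFAULT_EXPLORER_RE = re.compile(
    r"^(hku|\\registry\\user)\\\.default\\software\\microsoft\\windows"
    r"\\currentversion\\explorer(\\|$)",
    re.IGNORECASE,
)

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\b7368dd122603bed29fec5b82265c609.exe"

# Constructed events modelled on the Processes and Signatures sections.
EVENTS = [
    # parent_image for the top-level processes is assumed; the report only shows them as roots
    {"type": "process_create", "pid": 1772, "image": SAMPLE_EXE,
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "file_create", "pid": 1772,
     "path": r"C:\Windows\Tasks\Tune-up Application Service.job"},
    {"type": "process_create", "pid": 1124, "image": r"C:\Windows\system32\taskeng.exe",
     "parent_image": r"C:\Windows\system32\svchost.exe"},
    {"type": "process_create", "pid": 524, "image": SAMPLE_EXE,
     "parent_image": r"C:\Windows\system32\taskeng.exe"},
    {"type": "registry_set", "pid": 524,
     "key": r"\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ProcSegment",
     "value": "1"},
    # constructed benign noise that must not fire
    {"type": "file_create", "pid": 1772, "path": r"C:\Users\Admin\Documents\notes.txt"},
    {"type": "registry_set", "pid": 1772,
     "key": r"\REGISTRY\USER\S-1-5-21-1-2-3-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "value": "1"},
]


def _image_by_pid(events: List[dict]) -> dict:
    """Map pid -> image path so file/registry events can be attributed to a binary."""
    return {e["pid"]: e["image"] for e in events if e["type"] == "process_create"}


def detect(events: Iterable[dict]) -> List[dict]:
    """Return one finding per event that matches a behaviour from the report."""
    events = list(events)
    images = _image_by_pid(events)
    findings = []
    for e in events:
        if e["type"] == "process_create":
            # taskeng.exe launching a binary out of %TEMP%: a scheduled job is
            # re-running something the user dropped, as PID 524 shows above.
            if (e.get("parent_image", "").lower().endswith("\\taskeng.exe")
                    and USER_TEMP_RE.match(e["image"])):
                findings.append({"rule": "taskeng_spawn_from_temp", "pid": e["pid"],
                                 "detail": e["image"]})
        elif e["type"] == "file_create":
            # A *.job written under C:\Windows\Tasks by something that is not itself
            # a Windows binary. Creators under C:\Windows are skipped to cut noise.
            creator = images.get(e["pid"], "")
            if (LEGACY_JOB_RE.match(e["path"])
                    and not creator.lower().startswith("c:\\windows\\")):
                findings.append({"rule": "legacy_job_drop", "pid": e["pid"],
                                 "detail": e["path"]})
        elif e["type"] == "registry_set":
            # Writes under HKU\.DEFAULT\...\Explorer come from a LocalSystem
            # context, consistent with the S-1-5-18 taskeng.exe parent.
            if HKU_DEFAULT_EXPLORER_RE.match(e["key"]):
                findings.append({"rule": "hku_default_explorer_marker", "pid": e["pid"],
                                 "detail": e["key"]})
    return findings


def is_known_sample(digest: str) -> bool:
    """True if a hex digest (MD5, SHA1 or SHA256) matches the analysed sample."""
    return digest.lower() in SAMPLE_HASHES.values()


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"{f['rule']:<28} pid={f['pid']:<5} {f['detail']}")
```

Run against the constructed events this yields exactly three findings, one per signature in the report, attributed to PIDs 1772 and 524. The .job check keys on the Task Scheduler 1.0 format rather than the XML tasks under C:\Windows\System32\Tasks, which is why it is specific to the Windows 7 image this report was produced on; the same sample on the win10v2004 task would need a separate check for that location.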
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 296B
MD5: cf129438a755b00042432e3de0733da5
SHA1: 9b44aa6d0ba073f27afaf7c5d72bec9ad7293148
SHA256: 570afbc4c8e9d730a9d9384a642c60b7a9e96eaf0c2bcac43e28fec6c4b8950a
SHA512: 84644a62cc866a42f706817b2aa19c5efb46ac5f94d84d8b614d281c5d2279944acbccb75f9dea551d73a1ec90569b656a9686d7b14317d0505791505c0fc890