Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
155s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06/03/2024, 10:38
General
-
Target
b7368dd122603bed29fec5b82265c609.exe
-
Size
140KB
-
MD5
b7368dd122603bed29fec5b82265c609
-
SHA1
a18251d99908525f9e267146d1c02a14308eba09
-
SHA256
c8fbeaada8d1ec3bd622e253848e2c47c55bbef41f950a217162ca1d9e24fbf7
-
SHA512
54ff5bb92f2dd6c0b88f56fc0f4cc63556af82117b4091976b2833a4ae3710e33fd44f9b5fb43f4dc777d1d5aea270a7605a97a7ad9899899bcea090aff7232c
-
SSDEEP
1536:Z6bA6d3s4ggvCNmI33PE6TFmymwcsAuK77fT1ldCNJNcCsEvx1UnoYxuvlwzS5Zp:Z6CzvUI3/SJwcV17fT5CztTU6luIZ
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b7368dd122603bed29fec5b82265c609.exe"C:\Users\Admin\AppData\Local\Temp\b7368dd122603bed29fec5b82265c609.exe"1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskeng.exetaskeng.exe {0E5E1DB5-49CE-4FE4-B501-45ABD5A46600} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\b7368dd122603bed29fec5b82265c609.exeC:\Users\Admin\AppData\Local\Temp\b7368dd122603bed29fec5b82265c609.exe2⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
296B
MD5cf129438a755b00042432e3de0733da5
SHA19b44aa6d0ba073f27afaf7c5d72bec9ad7293148
SHA256570afbc4c8e9d730a9d9384a642c60b7a9e96eaf0c2bcac43e28fec6c4b8950a
SHA51284644a62cc866a42f706817b2aa19c5efb46ac5f94d84d8b614d281c5d2279944acbccb75f9dea551d73a1ec90569b656a9686d7b14317d0505791505c0fc890