Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b9677be932...e4.exe

windows7-x64

10

b9677be932...e4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2024, 18:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9677be932d8c91f5518d6c45c1f21e4.exe

  • Size

    148KB

  • MD5

    b9677be932d8c91f5518d6c45c1f21e4

  • SHA1

    763170e1e9ec9ca356c2a1bb96f3dc53021967a0

  • SHA256

    4cc54c7f3d92ff0942437b5522a2f710cd8e6ad59cfbc13cc9802f6dce998e1a

  • SHA512

    b017c43b7e6ad0b88f56e5bdd4a600e57a6714e8032edca229ff6ffeef64451592048031a658256908ff61a089b02c905db9a178145002ede74e8534b6b32527

  • SSDEEP

    1536:OHQ9HTJKqOeOgrfnc6jHTJKqOtCUg7zRkevioOaJKd2:hTJK52rU8TJK5tg7NkMiraJKd

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9677be932d8c91f5518d6c45c1f21e4.exe
    "C:\Users\Admin\AppData\Local\Temp\b9677be932d8c91f5518d6c45c1f21e4.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4020
    • C:\Windows\SysWOW64\attrib.exe
      attrib d:\log +h +s
      2⤵
      • Sets file to hidden
      • Views/modifies file attributes
      PID:2196
    • C:\Windows\SysWOW64\attrib.exe
      attrib C:\Windows\system32\smss .exe +h +s
      2⤵
      • Sets file to hidden
      • Drops file in System32 directory
      • Views/modifies file attributes
      PID:4232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\smss .exe
    Filesize

    148KB

    MD5

    b9677be932d8c91f5518d6c45c1f21e4

    SHA1

    763170e1e9ec9ca356c2a1bb96f3dc53021967a0

    SHA256

    4cc54c7f3d92ff0942437b5522a2f710cd8e6ad59cfbc13cc9802f6dce998e1a

    SHA512

    b017c43b7e6ad0b88f56e5bdd4a600e57a6714e8032edca229ff6ffeef64451592048031a658256908ff61a089b02c905db9a178145002ede74e8534b6b32527

    Download Submit