Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 148s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 14/03/2024, 04:01
Static task
- static1
Behavioral task
- behavioral1
  Sample: c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
  Resource: win7-20231129-en
Behavioral task
- behavioral2
  Sample: c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
  Resource: win10v2004-20240226-en
General
- Target: c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
- Size: 585KB
- MD5: c7a2fc7ac0e77e96dbc7fcd7096ad888
- SHA1: 33410b05b45cdfb880c283848de0edfc9d500475
- SHA256: cdcc1167b9e739f6d0c7d96ca0d98f069f0a0efa3fcd2bffb301d1cb5effe86d
- SHA512: 1dbf2d9659c71915875fb4c015d9b915f87738ce0b67f0f21a8ea19d0b49af23450c27c2b7d599a327a28b786d61d967db077e4d7b23931f77d3e32fac1ed71e
- SSDEEP: 12288:TK5kZW+oXlolfKzOtzzFRF3Z4mxx0DqVTVOCRU:TC+/YloNDrRQmXjVTzO
Malware Config
Signatures
- Sets DLL path for service in the registry (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\test\Parameters\ServiceDll = "C:\\Windows\\system32\\System64.dll"
  process: c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
- Loads dropped DLL (1 IoC)
  pid: 1968
  process: svchost.exe
- Drops file in System32 directory (2 IoCs)
  description: File created
  ioc: C:\Windows\SysWOW64\System64.dat
  process: c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
  description: File created
  ioc: C:\Windows\SysWOW64\System64.dll
  process: c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 1072 wrote to memory of 2092
  pid: 1072
  process: c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
  procid_target: 28
  description: PID 1072 wrote to memory of 2092
  pid: 1072
  process: c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
  procid_target: 28
  description: PID 1072 wrote to memory of 2092
  pid: 1072
  process: c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
  procid_target: 28
  description: PID 1072 wrote to memory of 2092
  pid: 1072
  process: c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
  procid_target: 28
Processes
- C:\Users\Admin\AppData\Local\Temp\c7a2fc7ac0e77e96dbc7fcd7096ad888.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c7a2fc7ac0e77e96dbc7fcd7096ad888.exe"
  PID: 1072
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\c7a2fc7ac0e77e96dbc7fcd7096ad888.exe (child process)
    Command line: C:\Users\Admin\AppData\Local\Temp\c7a2fc7ac0e77e96dbc7fcd7096ad888.exe -Nod32
    PID: 2092
    - Sets DLL path for service in the registry
    - Drops file in System32 directory
- C:\Windows\SysWOW64\svchost.exe
  Command line: C:\Windows\SysWOW64\svchost.exe -k netservice
  PID: 1968
  - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 81B
  MD5: e90dd614e9d49dd4d15af8f3bc23138e
  SHA1: 96ab2a682171994021ff79f3b1457213b3631f80
  SHA256: 51ff15c1fae0e95704191e28e8a8bc615455420795d2a7d7630fed857d644654
  SHA512: fe5deade9ea75b3b894d29f60ca39ff9cfb77f219f4f0ba78a14adc17c27b00aa84caa2895c5dee2199b32634ae3dfad6ce191b0cb684620fda12c634fb75ca3
- Filesize: 356KB
  MD5: db5860a33597ab0c07dfc1db63ae2f18
  SHA1: 090ef07a72a2abb760a93cd91843c40830f28bbc
  SHA256: fe0111deb680994a2cec676d7a31b70dc1b3f36d54db41046b8f1be5862353b1
  SHA512: 1d37e5df05f04b88f1c46e08de173bd8d9e67035104d07b15ab8064055c98371ccf962408665a32941e9604df69453de84d0d6a21b72f3ce1fe1c5d6d2ff96a0