Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
118s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18/03/2024, 14:41
General
-
Target
d3c30a0eae56673d073fb5b5a2f3c62c.exe
-
Size
64KB
-
MD5
d3c30a0eae56673d073fb5b5a2f3c62c
-
SHA1
ddef40f396f1a9c29677404d70596dff625ef909
-
SHA256
b2d4457f7d9c5bce541982a0dfce52d05088e1e7be2b07d87e32b98b1d456c3b
-
SHA512
a9c74ef35462eebff781a638d6a7b666135fdc8eff026de327fce18dc506211a59014f46b96de6b7744fbf2468d1ebd7846356f19e6cf47ec5e008ff7b10607b
-
SSDEEP
768:dDJLpNn7eE9kyXDOiYKpMttNa9E4uVeRt6c/LjsrGeunHeuWYjGtcZfdZ0Xv1aeJ:VVp+enSN+AVeLDjs6ucLZ0Xv1ouZsvV
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d3c30a0eae56673d073fb5b5a2f3c62c.exe"C:\Users\Admin\AppData\Local\Temp\d3c30a0eae56673d073fb5b5a2f3c62c.exe"1⤵
- Checks whether UAC is enabled
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\HRY6HMMFD3Wmsi.exe"C:\Windows\HRY6HMMFD3Wmsi.exe" wb2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD5abac1aafcb93bf0f111b670cad5531a0
SHA1ae5addd9dfe4f0fe4ebe8fa82250631ffe529b60
SHA2567009aec1d769bae1e0f900f0ba7922785e2f645be9d1f52c93e030395313d68d
SHA512cf5bece7df80b9d721a0df6271181aea7717edb312a4f1b9cb1634d90394edff1327d6c34ba7e1e0f7f206971150a369fb18120a18e396bd1f8a8c087e945a15