Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 06/04/2024, 21:41
Static task: static1
Behavioral task: behavioral1
  Sample: 62c32bec7f7820a7911def9d75bca77e9e090eef688df3c74ef34cbc3d06ae5b.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 62c32bec7f7820a7911def9d75bca77e9e090eef688df3c74ef34cbc3d06ae5b.exe
  Resource: win10v2004-20240319-en
General
- Target: 62c32bec7f7820a7911def9d75bca77e9e090eef688df3c74ef34cbc3d06ae5b.exe
- Size: 134KB
- MD5: 0d896963bd48edd382280871927553fb
- SHA1: 6f8d3b59c0e36205686aa36e4ad252a8c4b36a06
- SHA256: 62c32bec7f7820a7911def9d75bca77e9e090eef688df3c74ef34cbc3d06ae5b
- SHA512: 37825fe7189b951b5c0fdc0686820ef9fb8e95d000731142304399c69845fbf6ad450b8eb9f00417121713a913a1e70a0ca6612ae4a7489a73985737efea1936
- SSDEEP: 3072:DzuS8/QUxm3M0xQsHxo5Wy7vwlsAQPUakK+2YEIIXwj/Q4l1zvHl1:DO/QUx90lSYokKPva/z
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  pid: 1720, Process: anhxrcb.exe
- Drops file in Program Files directory (2 IoCs)
  description: File created, ioc: C:\PROGRA~3\Mozilla\anhxrcb.exe, Process: 62c32bec7f7820a7911def9d75bca77e9e090eef688df3c74ef34cbc3d06ae5b.exe
  description: File created, ioc: C:\PROGRA~3\Mozilla\fqurfhn.dll, Process: anhxrcb.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2964 wrote to memory of 1720, pid: 2964, Process: taskeng.exe, procid_target: 29
  description: PID 2964 wrote to memory of 1720, pid: 2964, Process: taskeng.exe, procid_target: 29
  description: PID 2964 wrote to memory of 1720, pid: 2964, Process: taskeng.exe, procid_target: 29
  description: PID 2964 wrote to memory of 1720, pid: 2964, Process: taskeng.exe, procid_target: 29
Processes
- C:\Users\Admin\AppData\Local\Temp\62c32bec7f7820a7911def9d75bca77e9e090eef688df3c74ef34cbc3d06ae5b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\62c32bec7f7820a7911def9d75bca77e9e090eef688df3c74ef34cbc3d06ae5b.exe"
  PID: 2896
  Signatures: Drops file in Program Files directory
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {4281E4C9-7EF1-4B0E-87D3-2C0B862C6500} S-1-5-18:NT AUTHORITY\System:Service:
  PID: 2964
  Signatures: Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\anhxrcb.exe
    Command line: C:\PROGRA~3\Mozilla\anhxrcb.exe -wxojhrj
    PID: 1720
    Signatures: Executes dropped EXE; Drops file in Program Files directory
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 134KB
  MD5: a76dd50f4e4ed24a41f9fa7f10cb3aec
  SHA1: 319de7727ef46577e8593a9dc8c85a910e2c90f6
  SHA256: 4cadd9b8617130285f0f83377192df703ffff77399305b4dc984529d870224c1
  SHA512: 19aa791a0335b50e23d606c2d0047f97e4980cd771175168b649bc26bc3a3e57e80196fcc04f53d1207d51a0b098e173475e0c9217bb6a30cc6a531b8ee1858e