Analysis
- max time kernel: 122s
- max time network: 136s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 06/04/2024, 21:57
Static task
- static1

Behavioral task
- behavioral1
  Sample: 6a3f3d12317a00d68cdd147169dcac20644e9b0fec3252efc0cb9f0fc02e4a51.exe
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: 6a3f3d12317a00d68cdd147169dcac20644e9b0fec3252efc0cb9f0fc02e4a51.exe
  Resource: win10v2004-20240226-en
General
- Target: 6a3f3d12317a00d68cdd147169dcac20644e9b0fec3252efc0cb9f0fc02e4a51.exe
- Size: 128KB
- MD5: a6b17e27a9f49c5cb8fc027ce51878bd
- SHA1: 333fee39975785ce9ce1dad4b6932f00f36fee18
- SHA256: 6a3f3d12317a00d68cdd147169dcac20644e9b0fec3252efc0cb9f0fc02e4a51
- SHA512: cc9a8781d3532c01653749fd5c066a9a33f0ee634a6b82ce474cca0dc80f9690195c18478945cf0e51aac9e1a7ae9ade328289e2b1015bed7f82fbde05366433
- SSDEEP: 3072:bl9X4ATRtqdEY82XLT79O6W/0aC0VrETTrDFzH38dkjJb:x9ZtqqY82X3RObR4frxzsdkjJb
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoCs)
  pid   Process
  1640  ujnwrxk.exe
- Drops file in Program Files directory (2 IoCs)
  description   ioc                               Process
  File created  C:\PROGRA~3\Mozilla\ujnwrxk.exe   6a3f3d12317a00d68cdd147169dcac20644e9b0fec3252efc0cb9f0fc02e4a51.exe
  File created  C:\PROGRA~3\Mozilla\klvnttl.dll   ujnwrxk.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process      procid_target
  PID 2856 wrote to memory of 1640   2856  taskeng.exe  31
  PID 2856 wrote to memory of 1640   2856  taskeng.exe  31
  PID 2856 wrote to memory of 1640   2856  taskeng.exe  31
  PID 2856 wrote to memory of 1640   2856  taskeng.exe  31
Processes
- C:\Users\Admin\AppData\Local\Temp\6a3f3d12317a00d68cdd147169dcac20644e9b0fec3252efc0cb9f0fc02e4a51.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\6a3f3d12317a00d68cdd147169dcac20644e9b0fec3252efc0cb9f0fc02e4a51.exe"
  PID: 1968
  Signatures:
  - Drops file in Program Files directory
- C:\Windows\system32\taskeng.exe (depth 1)
  Command line: taskeng.exe {67F95082-B5F0-4313-8350-61E5D3277E9C} S-1-5-18:NT AUTHORITY\System:Service:
  PID: 2856
  Signatures:
  - Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\ujnwrxk.exe (depth 2, child of PID 2856)
    Command line: C:\PROGRA~3\Mozilla\ujnwrxk.exe -eagoxym
    PID: 1640
    Signatures:
    - Executes dropped EXE
    - Drops file in Program Files directory
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 128KB
  MD5: 92bcb0fc24124dc7fbd340c4c4562c28
  SHA1: 7115d8a8f611d0a8e792f29ad7c39471c2b2678a
  SHA256: f792d0038de8f5549d215dbd5ceb70cae01b24119fc7e0c83d2bd9d08b37073f
  SHA512: b5c645f2dd0f0d7e04132f2854b0d9c5522d97d67267374288023c68200b5f440d32589b06a96d919bba32c87edc0f3d602aec5fd7b6d6bfd0e757750ef2b290