General

  • Target

    proecess_tweak.exe

  • Size

    152KB

  • Sample

    240406-sjr6kadf37

  • MD5

    405e17f3d0148a762938a52155cceec3

  • SHA1

    a01e3615c65caf0349302176f8fe06c0287220ff

  • SHA256

    6047361195df841490029d548ec39d414f6df48d1f0b1bbfb8bf0c7a697fff5a

  • SHA512

    3dda3321d16132bd8ad3299b37d1331eeb69acb402168ec3be9fcab787ad49adb253f1744b27ac24380d3a5bb9fbad8a8e37fc02b3bc509972447d18f080da3d

  • SSDEEP

    3072:ovGyYiSDnt1M5GWp1icKAArDZz4N9GhbkrNEk1Sq4:M4Op0yN90QEp

Score
10/10

Malware Config

Targets

    • Target

      proecess_tweak.exe

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext