Analysis
- Max time kernel: 117s
- Max time network: 121s
- Platform: windows7_x64
- Resource: win7-20240221-en
- Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- Submitted: 07/04/2024, 23:23
Static task: static1
Behavioral task: behavioral1
- Sample: 90eaffceff842f9a1f1eef8fb84e5d1f995a1592c371e039fc90b42754aded8e.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 90eaffceff842f9a1f1eef8fb84e5d1f995a1592c371e039fc90b42754aded8e.exe
- Resource: win10v2004-20240226-en
General
- Target: 90eaffceff842f9a1f1eef8fb84e5d1f995a1592c371e039fc90b42754aded8e.exe
- Size: 299KB
- MD5: cc10d0a30fc1c5c2312627ff7141cb43
- SHA1: 00fa2020be4293e95b0666b5435f1b3f76ccea89
- SHA256: 90eaffceff842f9a1f1eef8fb84e5d1f995a1592c371e039fc90b42754aded8e
- SHA512: 7891fb75c01e88c47b8d065daff7d3f9963a116334ce15369ca19f04943a7655172ce9924645fb698ea062558365238e839f70f41421f10ef92eb7bf48c7e553
- SSDEEP: 6144:xbF3pSw85DxsoKrlrPE3TtaoybMSeLng4T8:xB3/YxsoKrlriTpSeLndT8
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs; no IoC listed in this report)
- Executes dropped EXE (1 IoC)
  - PID 2676: mgbxiii.exe
- Drops file in Program Files directory (2 IoCs)
  - File created: C:\PROGRA~3\Mozilla\iudaoda.dll (by mgbxiii.exe)
  - File created: C:\PROGRA~3\Mozilla\mgbxiii.exe (by 90eaffceff842f9a1f1eef8fb84e5d1f995a1592c371e039fc90b42754aded8e.exe)
- Suspicious use of UnmapMainImage (2 IoCs)
  - PID 2740: 90eaffceff842f9a1f1eef8fb84e5d1f995a1592c371e039fc90b42754aded8e.exe
  - PID 2676: mgbxiii.exe
- Suspicious use of WriteProcessMemory (4 IoCs, all identical)
  - PID 2680 (taskeng.exe) wrote to memory of PID 2676 (procid_target 29)
  - PID 2680 (taskeng.exe) wrote to memory of PID 2676 (procid_target 29)
  - PID 2680 (taskeng.exe) wrote to memory of PID 2676 (procid_target 29)
  - PID 2680 (taskeng.exe) wrote to memory of PID 2676 (procid_target 29)
Processes
- C:\Users\Admin\AppData\Local\Temp\90eaffceff842f9a1f1eef8fb84e5d1f995a1592c371e039fc90b42754aded8e.exe (PID 2740)
  - Command line: "C:\Users\Admin\AppData\Local\Temp\90eaffceff842f9a1f1eef8fb84e5d1f995a1592c371e039fc90b42754aded8e.exe"
  - Signatures: Drops file in Program Files directory; Suspicious use of UnmapMainImage
- C:\Windows\system32\taskeng.exe (PID 2680)
  - Command line: taskeng.exe {355AEF1A-18A0-4054-8895-9D27A5FE4E0D} S-1-5-18:NT AUTHORITY\System:Service:
  - Signatures: Suspicious use of WriteProcessMemory
  - Child: C:\PROGRA~3\Mozilla\mgbxiii.exe (PID 2676)
    - Command line: C:\PROGRA~3\Mozilla\mgbxiii.exe -ccvrhxi
    - Signatures: Executes dropped EXE; Drops file in Program Files directory; Suspicious use of UnmapMainImage
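The process tree and signatures above describe a recognisable chain: the sample drops a PE into C:\PROGRA~3\Mozilla\, the Task Scheduler engine (taskeng.exe) later starts that dropped EXE, the dropped EXE writes a second PE (iudaoda.dll) into the same directory, and Triage flags an AppInit DLL modification. The Python below is an added example, not part of the Triage report or of the Triage tooling, showing how those behaviours translate into host-log detection rules. It runs over constructed Sysmon-style events (EventID 1 process create, 11 file create, 13 registry value set, with Sysmon's real field names) that mirror the report. Three things are assumptions: that C:\PROGRA~3 is the 8.3 short name for C:\ProgramData on this VM; that the SHA256 listed under Downloads belongs to mgbxiii.exe (the report does not say which file it is); and the registry event, which is invented because the report lists the AppInit signature without an IoC.

```python
"""Detection rules for the tria.ge report's behaviours over Sysmon-style events.

Added example, not from the Triage report. Events in SAMPLE_EVENTS are
constructed to mirror the report; see the comments for what is assumed.
"""
import ntpath
import re

# SHA256s quoted in the report: the submitted sample and the listed download.
KNOWN_BAD_SHA256 = {
    "90eaffceff842f9a1f1eef8fb84e5d1f995a1592c371e039fc90b42754aded8e",
    "c142293461ce70006fe37e05278030b92f2386b0aca1c6da28bc77d4265a8f00",
}

# Assumption: C:\PROGRA~3 is the 8.3 short name for C:\ProgramData on the
# sandbox VM. 8.3 names depend on directory creation order, so confirm this
# on a real host (e.g. `dir /x C:\`) before relying on it.
SHORT_NAMES = {"c:\\progra~3": "c:\\programdata"}
PROGRAMDATA = "c:\\programdata\\"

APPINIT_KEYS = {
    "hklm\\software\\microsoft\\windows nt\\currentversion\\windows\\appinit_dlls",
    "hklm\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\windows\\appinit_dlls",
}


def normalize(path: str) -> str:
    """Lower-case a Windows path/key and expand the known 8.3 prefixes."""
    p = path.strip('"').lower()
    for short, long in SHORT_NAMES.items():
        if p.startswith(short):
            p = long + p[len(short):]
    return p


def in_programdata(path: str) -> bool:
    return normalize(path).startswith(PROGRAMDATA)


def is_pe_name(path: str) -> bool:
    return ntpath.splitext(normalize(path))[1] in {".exe", ".dll"}


def sha256_of(hashes: str) -> str:
    """Extract SHA256 from Sysmon's 'MD5=...,SHA256=...' Hashes string."""
    m = re.search(r"sha256=([0-9a-f]{64})", hashes.lower())
    return m.group(1) if m else ""


def evaluate(event: dict) -> list:
    """Return the rule names a single event triggers (empty if benign)."""
    hits = []
    eid = event.get("EventID")
    if eid == 1:  # process create
        image, parent = event.get("Image", ""), event.get("ParentImage", "")
        if ntpath.basename(normalize(parent)) == "taskeng.exe" and in_programdata(image):
            hits.append("Scheduled task launched EXE from ProgramData")
        if sha256_of(event.get("Hashes", "")) in KNOWN_BAD_SHA256:
            hits.append("Known-bad SHA256 executed")
    elif eid == 11:  # file create
        target = event.get("TargetFilename", "")
        if in_programdata(target) and is_pe_name(target):
            hits.append("PE dropped under ProgramData")
    elif eid == 13:  # registry value set
        if normalize(event.get("TargetObject", "")) in APPINIT_KEYS:
            hits.append("AppInit_DLLs modified")
    return hits


def scan(events) -> list:
    """Return (PID, subject path/key, [rules]) for every event that triggers."""
    findings = []
    for ev in events:
        hits = evaluate(ev)
        if hits:
            subject = ev.get("TargetFilename") or ev.get("TargetObject") or ev.get("Image")
            findings.append((ev.get("ProcessId"), subject, hits))
    return findings


SAMPLE = "C:\\Users\\Admin\\AppData\\Local\\Temp\\90eaffceff842f9a1f1eef8fb84e5d1f995a1592c371e039fc90b42754aded8e.exe"
DROPPED = "C:\\PROGRA~3\\Mozilla\\mgbxiii.exe"

# Constructed events mirroring the report's process tree and signatures.
SAMPLE_EVENTS = [
    {"EventID": 11, "ProcessId": 2740, "Image": SAMPLE, "TargetFilename": DROPPED},
    # Assumption: the Downloads SHA256 is paired with mgbxiii.exe here; the report does not name the file.
    {"EventID": 1, "ProcessId": 2676, "Image": DROPPED, "CommandLine": DROPPED + " -ccvrhxi",
     "ParentImage": "C:\\Windows\\system32\\taskeng.exe",
     "Hashes": "SHA256=c142293461ce70006fe37e05278030b92f2386b0aca1c6da28bc77d4265a8f00"},
    {"EventID": 11, "ProcessId": 2676, "Image": DROPPED,
     "TargetFilename": "C:\\PROGRA~3\\Mozilla\\iudaoda.dll"},
    # Invented: the report flags AppInit modification without an IoC; this shows what the rule matches.
    {"EventID": 13, "ProcessId": 2676, "Image": DROPPED,
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs"},
    # Benign controls: a normal process start and a non-PE file in ProgramData.
    {"EventID": 1, "ProcessId": 3001, "Image": "C:\\Windows\\System32\\notepad.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "Hashes": "SHA256=" + "0" * 64},
    {"EventID": 11, "ProcessId": 3001, "Image": "C:\\Windows\\System32\\notepad.exe",
     "TargetFilename": "C:\\ProgramData\\notes.txt"},
]

if __name__ == "__main__":
    for pid, subject, rules in scan(SAMPLE_EVENTS):
        print(f"PID {pid}: {subject} -> {', '.join(rules)}")
```

The taskeng.exe rule is deliberately narrow: on Windows 7 scheduled-task actions run as children of taskeng.exe, which is why the dropped EXE appears under it in the tree above, while on Windows 10 the parent is svchost.exe hosting the Schedule service, so the parent check needs adjusting for the behavioral2 run. The hash rule catches only the exact binaries in this report; the path and registry rules are what generalise to other samples of the same family.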
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 299KB
- MD5: 8aeb27dbda97ec5f94a3c3dc85abcf7b
- SHA1: 5cb21fb7ad8303fd0de2472012464799ed9da4d2
- SHA256: c142293461ce70006fe37e05278030b92f2386b0aca1c6da28bc77d4265a8f00
- SHA512: 6fa125961fceeb21e413aedd1c318b453388582eb5ee63508413ea90612664a3f848bba109b4c0f114ab427e4670da00870123d2639032dad21dad13f33e8aef