Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system -
submitted
07/04/2024, 00:01
Static task
static1
Behavioral task
behavioral1
Sample
a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe
Resource
win10v2004-20231215-en
General
-
Target
a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe
-
Size
32KB
-
MD5
8c193a8f0c706fd5901f7a0cb5654e3d
-
SHA1
a0b59b32047808ec9fec8eed11196deeecd9d46f
-
SHA256
a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1
-
SHA512
9d0e36346584cb94af6db85528dfafac9922499f03860595fe88afe2daa5b1bcba1cd4a51dfaf1dcf29fe56e07d39816428642961552f99a0c23a88f801cdc5c
-
SSDEEP
384:Q98xUHQGTRO9mIy4Ng8zLeiQerUSreM1wRZn5jUa+jm71T+eE1DiRMECQv/Swg:Tw3TRid/gopVrDDa+jO1T+/1sCwSwg
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\wscsvc = "C:\\Users\\Admin\\AppData\\Local\\wscsvc.exe" regedit.exe -
Runs .reg file with regedit 1 IoCs
pid Process 2500 regedit.exe -
Suspicious behavior: RenamesItself 2 IoCs
pid Process 2916 a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe 2916 a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2916 wrote to memory of 2500 2916 a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe 28 PID 2916 wrote to memory of 2500 2916 a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe 28 PID 2916 wrote to memory of 2500 2916 a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe 28 PID 2916 wrote to memory of 2500 2916 a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe 28 PID 2916 wrote to memory of 2500 2916 a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe 28 PID 2916 wrote to memory of 2500 2916 a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe 28 PID 2916 wrote to memory of 2500 2916 a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe"C:\Users\Admin\AppData\Local\Temp\a52f49a474e12be266b78b90e88362d7bcc9dcdee65237c597ab3129e88555b1.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2916 -
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\Users\Admin\AppData\Local\Temp\~dfds3.reg2⤵
- Adds Run key to start application
- Runs .reg file with regedit
PID:2500
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD5b0dab109cb6bebaeaedd87a430a9cf97
SHA132574dfef7946bdd551fb29511444c1cd816e85e
SHA2560a6de028b0956ced750c7283105aabaf8db111ec650d48980ded7a4e3f293bdb
SHA51227103cbda01ffe2eee413be350145fdd6bc8d94066e14eae21a074839576dc7f880711d5dfdf5dc48096b00c64663e2aaa0ad54838b39a9ca5506f80053fa93f
-
Filesize
164B
MD55b70d696d5cf6dc97150c200262d95cf
SHA1374eeb8811bb6d0cfa31b70974d9fce39cf5a90e
SHA256ebb66003c71a7b1a9e1dfcbb2e9791e87fd7b57b53b2795e21419828cbee95e7
SHA512371b96751b4b2ff785c44042f0b579f903a42594e2e32c1271f0fab7393a70bc1ea02396596ed8a8959266ce045df578a7bc634c77cd2c04a81784e058cd5bac