Analysis
- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 07/04/2024, 00:02
Static task
- static1
Behavioral task
- behavioral1: sample a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe, resource win7-20240221-en
Behavioral task
- behavioral2: sample a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe, resource win10v2004-20240226-en
General
- Target: a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe
- Size: 145KB
- MD5: 7559bf3cfd57470b2f3966cdb437bc2c
- SHA1: a73e47fd139fb86ba6e88d584f1e67684625420a
- SHA256: a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b
- SHA512: 6b6fc3e76e5d3b3f051fb062cbfb57bcaa1504f7316e0736703ddfbe84e3b2bdfe862d649f6dc97c94c59c2660e233288b4e89ed21a5f0b6ac4f8fdb68f09757
- SSDEEP: 3072:+apQLsjnOYOKOpGQ2ly+4yHyisr7O8CMFPv3yJDUKb80v4:+aIsfQ28+4R7T5vrsX4
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  PID 2620: dbilzqh.exe
- Drops file in Program Files directory (2 IoCs; note that C:\PROGRA~3 is an 8.3 short name which on 64-bit Windows usually resolves to C:\ProgramData rather than Program Files)
  File created: C:\PROGRA~3\Mozilla\dbilzqh.exe, by a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe
  File created: C:\PROGRA~3\Mozilla\zxoabnc.dll, by dbilzqh.exe
- Suspicious use of WriteProcessMemory (4 IoCs, all four reporting the same event)
  PID 2204 (taskeng.exe) wrote to memory of PID 2620, procid_target 29
Processes
- C:\Users\Admin\AppData\Local\Temp\a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe (PID 1296)
  command line: "C:\Users\Admin\AppData\Local\Temp\a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe"
  - Drops file in Program Files directory
- C:\Windows\system32\taskeng.exe (PID 2204)
  command line: taskeng.exe {446108CA-636F-40BF-AE8A-97768ADA40B4} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  - C:\PROGRA~3\Mozilla\dbilzqh.exe (PID 2620, child of taskeng.exe)
    command line: C:\PROGRA~3\Mozilla\dbilzqh.exe -kwinamg
    - Executes dropped EXE
    - Drops file in Program Files directory
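The signatures and process tree above reduce to three checks a detection engineer would want to run over endpoint telemetry: a PE written under ProgramData (C:\PROGRA~3 is the 8.3 alias for C:\ProgramData on 64-bit Windows, whatever the signature name says), a previously dropped binary started by taskeng.exe, and a write to AppInit_DLLs. The Python below is an added example, not code from the tria.ge report or its sandbox. The Sysmon-like event dicts, their field names and the benign noise events are constructed here, and the AppInit_DLLs value is an assumption, since the report names the signature but shows no value.

```python
"""Detection logic for the behaviour in the report above.

Added example, not part of the tria.ge report. The event records below are
constructed (Sysmon-like dicts) to mirror the report's IoCs; the AppInit_DLLs
registry value is an assumption, since the report names the signature but
not the value written.
"""
import re
from dataclasses import dataclass

# 8.3 short names seen in the report. On 64-bit Windows C:\PROGRA~3 is usually
# the alias for C:\ProgramData (PROGRA~1 = Program Files, PROGRA~2 = Program
# Files (x86)), so both spellings are normalised before matching.
SHORT_NAMES = {
    "c:\\progra~1": "c:\\program files",
    "c:\\progra~2": "c:\\program files (x86)",
    "c:\\progra~3": "c:\\programdata",
}

# Matches AppInit_DLLs and LoadAppInit_DLLs under both the native and the
# Wow6432Node Windows keys (the key path is searched, not anchored at its start).
APPINIT_RE = re.compile(
    r"\\microsoft\\windows nt\\currentversion\\windows\\(load)?appinit_dlls$",
    re.IGNORECASE,
)


def normalize_path(path: str) -> str:
    """Lower-case a path, strip surrounding quotes and expand known 8.3 prefixes."""
    p = path.strip('"').lower()
    for short, long_name in SHORT_NAMES.items():
        if p.startswith(short):
            return long_name + p[len(short):]
    return p


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    detail: str


def detect(events):
    """Run three checks drawn from the report's signatures over an event list.

    Events are processed in order, so a process launch is only tied to a
    dropped PE if the drop was seen earlier in the same stream.
    """
    findings = []
    dropped = set()  # normalised paths of PE files written under ProgramData
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            target = normalize_path(ev["target"])
            if target.startswith("c:\\programdata\\") and target.endswith((".exe", ".dll")):
                dropped.add(target)
                findings.append(Finding("pe_dropped_in_programdata", ev["pid"],
                                        f"{ev['image']} wrote {ev['target']}"))
        elif kind == "process_create":
            image = normalize_path(ev["image"])
            parent = normalize_path(ev["parent_image"])
            # taskeng.exe is the Windows 7 task scheduler engine; a previously
            # dropped binary started by it is the scheduled-task persistence
            # visible in the process tree above.
            if parent.endswith("\\taskeng.exe") and image in dropped:
                findings.append(Finding("dropped_pe_started_by_taskeng", ev["pid"],
                                        f"{ev['parent_image']} -> {ev['command_line']}"))
        elif kind == "registry_set":
            if APPINIT_RE.search(ev["target"]) and ev.get("value"):
                findings.append(Finding("appinit_dlls_modified", ev["pid"],
                                        f"{ev['target']} = {ev['value']}"))
    return findings


SAMPLE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
          "a5cb0ce193b7041a4c0b899dd0642c6a4816c85bdc28c29d31ae3abc6c50d78b.exe")
DROPPER = "C:\\PROGRA~3\\Mozilla\\dbilzqh.exe"
TASKENG = "C:\\Windows\\system32\\taskeng.exe"

# Constructed event stream mirroring the report's process tree and IoCs.
EVENTS = [
    {"type": "process_create", "pid": 1296, "image": SAMPLE,
     "parent_image": "C:\\Windows\\explorer.exe", "command_line": f'"{SAMPLE}"'},
    {"type": "file_create", "pid": 1296, "image": SAMPLE, "target": DROPPER},
    {"type": "process_create", "pid": 2204, "image": TASKENG,
     "parent_image": "C:\\Windows\\system32\\svchost.exe",
     "command_line": "taskeng.exe {446108CA-636F-40BF-AE8A-97768ADA40B4} "
                     "S-1-5-18:NT AUTHORITY\\System:Service:"},
    {"type": "process_create", "pid": 2620, "image": DROPPER,
     "parent_image": TASKENG, "command_line": DROPPER + " -kwinamg"},
    {"type": "file_create", "pid": 2620, "image": DROPPER,
     "target": "C:\\PROGRA~3\\Mozilla\\zxoabnc.dll"},
    # Assumed value: the report only says AppInit DLL entries were modified.
    {"type": "registry_set", "pid": 2620, "image": DROPPER,
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
     "value": "C:\\PROGRA~3\\Mozilla\\zxoabnc.dll"},
    # Constructed benign noise: an installer writing under Program Files, and a
    # legitimate scheduled task launching a binary that was never dropped.
    {"type": "file_create", "pid": 3100, "image": "C:\\Windows\\system32\\msiexec.exe",
     "target": "C:\\PROGRA~1\\Vendor\\helper.dll"},
    {"type": "process_create", "pid": 3200, "image": "C:\\PROGRA~1\\Vendor\\updater.exe",
     "parent_image": TASKENG, "command_line": "C:\\PROGRA~1\\Vendor\\updater.exe /silent"},
]

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"[{f.rule}] pid={f.pid} {f.detail}")
```

Running it yields four findings for the malicious events and none for the two benign ones. The ordering dependency is deliberate: if the process-creation event for dbilzqh.exe arrives before its file-creation event (out-of-order log shipping), the taskeng rule does not fire, so in production the dropped-PE set should be persisted across batches rather than rebuilt per run.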
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 145KB
- MD5: 3fa9433b2c1335ef0ed5cf4ee5f9fdab
- SHA1: cd2a7070fea6b62b1f73d6ec83583d30f6422f07
- SHA256: d96f663bbf104d673961c4c7862fdaa2fa10311735a2b6159cdd680a384bfcf9
- SHA512: 652afef22abe00782c29144795a7853867312711ebde094d683b5f10991a42b37b7fcc2be7595191b42a462a09741f69a15e0b826e26ab530a064c5a53503be7