Analysis
-
max time kernel
120s
-
max time network
121s
-
platform
windows7_x64
-
resource
win7-20240221-en
-
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
-
submitted
07/04/2024, 00:04
Static task
static1
Behavioral task
behavioral1
Sample
a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
Resource
win10v2004-20240226-en
General
-
Target
a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
-
Size
294KB
-
MD5
1aa6ba1492260ac57efa79844453071e
-
SHA1
df88da561fd0f601835d5b2c3596ff8403b86cb7
-
SHA256
a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc
-
SHA512
cb4b9ed1a901a225815ee6dee22d0471406a207af681a9839240313c47c67b95758d382734804214aadbd661b6c122d058fe84bf93fd9fdd6d67a141f7122233
-
SSDEEP
6144:3CYJ0xABvBdKFb7204ANePzM5dg999999999V99999999999b89TSbGqJB:yYCxabKJ727RPzM5G999999999V99991
Malware Config
Signatures
-
Modifies AppInit DLL entries 2 TTPs
-
Executes dropped EXE 1 IoCs
pid   Process
2508  dbilzqh.exe
-
Drops file in Program Files directory 2 IoCs
description   ioc                              Process
File created  C:\PROGRA~3\Mozilla\dbilzqh.exe  a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
File created  C:\PROGRA~3\Mozilla\zxoabnc.dll  dbilzqh.exe
-
Suspicious use of UnmapMainImage 2 IoCs
pid   Process
1740  a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
2508  dbilzqh.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process      procid_target
PID 3032 wrote to memory of 2508  3032  taskeng.exe  29
PID 3032 wrote to memory of 2508  3032  taskeng.exe  29
PID 3032 wrote to memory of 2508  3032  taskeng.exe  29
PID 3032 wrote to memory of 2508  3032  taskeng.exe  29
Processes
-
C:\Users\Admin\AppData\Local\Temp\a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc.exe"
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
  PID:1740
-
C:\Windows\system32\taskeng.exe
  command line: taskeng.exe {5A5B34DD-27FA-4447-B287-7EBA640C83D9} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID:3032
    C:\PROGRA~3\Mozilla\dbilzqh.exe (child of PID 3032)
      command line: C:\PROGRA~3\Mozilla\dbilzqh.exe -kwinamg
      - Executes dropped EXE
      - Drops file in Program Files directory
      - Suspicious use of UnmapMainImage
      PID:2508
-
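The signatures above describe two things a responder will want to check on a suspect host: an AppInit DLL persistence change (ATT&CK T1546.010, which lives under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows and its Wow6432Node twin) and two files dropped under C:\PROGRA~3\Mozilla\ that are later started from a scheduled task via taskeng.exe. Two caveats the report does not spell out: it does not show which registry value was written, so treating zxoabnc.dll as the registered AppInit DLL is an assumption; and although the sandbox labels the drop location "Program Files directory" because of the PROGRA~ prefix, on a default x64 install the 8.3 alias PROGRA~3 normally resolves to C:\ProgramData (PROGRA~1 and PROGRA~2 being the two Program Files folders), so hunt under C:\ProgramData\Mozilla as well and confirm the alias with `dir /x C:\`. The helpers below are an added example, not part of the tria.ge report or the sample: they parse an exported .reg file for AppInit settings, match the report's paths (short and long form) and SHA-256 values against file events, and run against a constructed .reg export.

```python
"""Offline triage helpers for the IOCs in the report above.

Added example for this page; not part of the tria.ge report or the sample.
The .reg export at the bottom is constructed test data, and the assumption
that zxoabnc.dll is the DLL registered under AppInit_DLLs is ours.
"""
import re

# File IOCs exactly as the sandbox recorded them (8.3 short names).
DROPPED_FILES = (
    r"C:\PROGRA~3\Mozilla\dbilzqh.exe",
    r"C:\PROGRA~3\Mozilla\zxoabnc.dll",
)

# SHA-256 values from the report: the submitted sample and the 294KB download.
SHA256_IOCS = {
    "a69981a878709618f303c86cbd049a173cea8270aeac6fbffee91e7e80dd6afc",
    "fa02ca6db00c07400929f7ca37bf2d57c65d05b777e1cd86e8b10585465542ad",
}

# Registry key holding the AppInit DLL settings (ATT&CK T1546.010). On x64 the
# Wow6432Node view governs 32-bit processes, so both views must be inspected.
APPINIT_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(Wow6432Node\\)?"
    r"Microsoft\\Windows NT\\CurrentVersion\\Windows\]$",
    re.IGNORECASE,
)

# Assumption: on a default x64 install PROGRA~3 is the 8.3 alias of C:\ProgramData
# (PROGRA~1/PROGRA~2 are the two Program Files directories). Check with `dir /x C:\`.
SHORT_NAMES = {"progra~3": "ProgramData"}


def normalize_path(path: str) -> str:
    """Lower-case a Windows path and expand the short-name aliases we know about."""
    parts = path.replace("/", "\\").split("\\")
    return "\\".join(SHORT_NAMES.get(p.lower(), p) for p in parts).lower()


IOC_PATHS = {normalize_path(p) for p in DROPPED_FILES}


def parse_reg_export(text: str) -> dict[str, dict[str, str]]:
    """Parse a regedit .reg export into {key: {value_name: data}} (strings and dwords)."""
    result: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line
            result.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1].replace("\\\\", "\\")  # .reg doubles backslashes
            result[current][name] = data
    return result


def appinit_findings(reg_text: str) -> list[str]:
    """Report AppInit DLL persistence settings found in a .reg export."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if not APPINIT_KEY_RE.match(key):
            continue
        for name, data in values.items():
            lname = name.lower()
            if lname == "appinit_dlls" and data:
                # The value is a space- or comma-separated list of DLL paths.
                for dll in filter(None, re.split(r"[ ,;]+", data)):
                    tag = "KNOWN IOC" if normalize_path(dll) in IOC_PATHS else "review"
                    findings.append(f"{key}: AppInit_DLLs loads {dll} [{tag}]")
            elif lname == "loadappinit_dlls" and data.lower() == "dword:00000001":
                findings.append(f"{key}: LoadAppInit_DLLs=1 (AppInit injection enabled)")
            elif lname == "requiresignedappinit_dlls" and data.lower() == "dword:00000000":
                findings.append(f"{key}: RequireSignedAppInit_DLLs=0 (unsigned DLLs allowed)")
    return findings


def match_file_events(events) -> list[str]:
    """events: iterable of (path, sha256_hex); return paths hitting a path or hash IOC."""
    return [p for p, h in events
            if normalize_path(p) in IOC_PATHS or h.lower() in SHA256_IOCS]


# Constructed .reg export: what the key would look like if the dropped DLL were
# registered for AppInit injection on a host whose policy allows unsigned DLLs.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~3\\Mozilla\\zxoabnc.dll"
"LoadAppInit_DLLs"=dword:00000001
"RequireSignedAppInit_DLLs"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
'''

if __name__ == "__main__":
    for finding in appinit_findings(SAMPLE_REG):
        print(finding)
```

On a live host, export the two keys with `reg export` (both views) and feed the text to `appinit_findings`; any DLL listed there that is not a known, signed product component deserves a look regardless of whether it matches these IOCs, and a non-empty `AppInit_DLLs` with `LoadAppInit_DLLs=1` on a Windows 7 host means every process that loads user32.dll will map it.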
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
294KB
MD5
0936f6a6e29c04c7b04992f710489c52
SHA1
d037928930275ab3280eaec739d790b54f5c8c05
SHA256
fa02ca6db00c07400929f7ca37bf2d57c65d05b777e1cd86e8b10585465542ad
SHA512
2b3d63251e8ace444481403af20aad88df14aaa81cb782f3c2c2f2c42c026e697f9111066cd8ca71d8d68f47dd6fd710e70b2d2bdb7c003b239a142436e8a5c1