Analysis
  max time kernel:  118s
  max time network: 127s
  platform:         windows7_x64
  resource:         win7-20240221-en
  resource tags:    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  submitted:        07/04/2024, 18:23
Static task
  static1

Behavioral task behavioral1
  Sample:   08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
  Resource: win7-20240221-en

Behavioral task behavioral2
  Sample:   08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
  Resource: win10v2004-20240226-en
General
  Target: 08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
  Size:   180KB
  MD5:    e12021fd82eb6f5ceedd204aff7cac61
  SHA1:   f2cbc4b55eb80c5e3346abdc5010c95ff7395ab8
  SHA256: 08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa
  SHA512: 40ad240a03f43983943f58ef153e37ef9c7e207505f22b9b3d5e3cb88d2ad8529029b38ef2d8d0c1d3def3997cebd2d31a229475ceb986268868635b8f7b1e36
  SSDEEP: 3072:6chyinW3ky2yCvryQUFrUUOxjnw89JnszQcJdX9:ain4kB+ZUUOxF52dX9
Malware Config
Signatures

  Modifies AppInit DLL entries (2 TTPs)
    A DLL listed in the AppInit_DLLs registry value is loaded into every process that loads user32.dll, which makes this a well-known persistence and code-injection technique on Windows 7 (MITRE ATT&CK T1546.010). The page does not show the registry value that was written, so which DLL was registered cannot be confirmed from this report alone.

  Executes dropped EXE (1 IoC)
    PID   Process
    2632  iajbwsg.exe

  Drops file in Program Files directory (2 IoCs)
    Description   IoC                              Process
    File created  C:\PROGRA~3\Mozilla\iajbwsg.exe  08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
    File created  C:\PROGRA~3\Mozilla\rnnqqck.dll  iajbwsg.exe
    Caveat: C:\PROGRA~3 is an 8.3 short name, not a literal directory. On a default Windows 7 x64 install PROGRA~1 and PROGRA~2 are the two Program Files directories and PROGRA~3 usually resolves to C:\ProgramData, so despite the signature's name these files most likely live under ProgramData\Mozilla. Confirm the mapping on the host with `dir /x C:\`.

  Suspicious use of UnmapMainImage (2 IoCs)
    PID   Process
    2500  08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
    2632  iajbwsg.exe
    Both the original sample and its dropped copy unmap their own main image, a pattern typical of packers and self-injecting loaders that replace the executable's image in memory before running the real payload.

  Suspicious use of WriteProcessMemory (4 IoCs)
    Description                        PID   Process      procid_target
    PID 2668 wrote to memory of 2632   2668  taskeng.exe  30
    PID 2668 wrote to memory of 2632   2668  taskeng.exe  30
    PID 2668 wrote to memory of 2632   2668  taskeng.exe  30
    PID 2668 wrote to memory of 2632   2668  taskeng.exe  30
    Caveat: taskeng.exe is the Windows 7 Task Scheduler engine and PID 2632 is the child it started (see the process tree), so these writes are the parent setting up a newly created process, not injection into an unrelated one. The noteworthy detail is the parent itself: the dropped EXE was launched by a scheduled task running in the SYSTEM (S-1-5-18) session.
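The following PowerShell is an added host-triage check written for this report, not part of the Triage output or of the sample. It reads the AppInit_DLLs values from the native and Wow6432Node registry locations (the documented locations; on a 64-bit host the Wow6432Node key governs 32-bit processes), flags any registered DLL and checks whether it exists and is signed, then looks for the two dropped files and for any scheduled task whose action points at the dropped directory. Assumptions: the artifact paths are the IoCs above, the mapping of PROGRA~3 to C:\ProgramData is the usual Windows 7 x64 default but is checked rather than relied on, and Get-FileHash needs PowerShell 4.0 or later (Windows 7 ships with 2.0). Run it elevated.

```powershell
# Added example: host check for the AppInit_DLLs persistence signature and
# the dropped artifacts from the report above. Not code from the sample or
# from tria.ge.

$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $props  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $dlls   = [string]$props.AppInit_DLLs          # empty string on a clean host
    $load   = $props.LoadAppInit_DLLs              # 1 = DLLs are loaded
    $signed = $props.RequireSignedAppInit_DLLs     # 1 = unsigned DLLs rejected
    Write-Host "[$key]"
    Write-Host "  AppInit_DLLs              = '$dlls'"
    Write-Host "  LoadAppInit_DLLs          = $load"
    Write-Host "  RequireSignedAppInit_DLLs = $signed"

    if ($dlls.Trim()) {
        Write-Warning "Non-empty AppInit_DLLs under $key; every process loading user32.dll will load: $dlls"
        # Entries are space- or comma-separated and may use 8.3 short names or
        # environment variables; resolve each and report existence and signature.
        foreach ($entry in ($dlls -split '[ ,]+' | Where-Object { $_ })) {
            $path = [System.Environment]::ExpandEnvironmentVariables($entry)
            if (Test-Path $path) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                Write-Warning "  $path exists; Authenticode status: $($sig.Status)"
            } else {
                Write-Warning "  $path is listed but not present on disk"
            }
        }
    }
}

# Dropped files from the report. Both the 8.3 spelling and the assumed
# long-name equivalent under ProgramData are checked, since the PROGRA~3
# mapping is an assumption about this host, not a guarantee.
$dropped = @(
    'C:\PROGRA~3\Mozilla\iajbwsg.exe',
    'C:\PROGRA~3\Mozilla\rnnqqck.dll',
    (Join-Path $env:ProgramData 'Mozilla\iajbwsg.exe'),
    (Join-Path $env:ProgramData 'Mozilla\rnnqqck.dll')
)
foreach ($f in $dropped) {
    if (Test-Path $f) {
        $hash = (Get-FileHash -Path $f -Algorithm SHA256).Hash
        Write-Warning "Found $f  SHA256=$hash"
    }
}

# The dropped EXE was started by taskeng.exe, so list any task whose action
# points at the dropped directory. schtasks is used instead of
# Get-ScheduledTask because the latter does not exist on Windows 7.
schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match 'PROGRA~3\\Mozilla|ProgramData\\Mozilla' } |
    Select-Object TaskName, 'Task To Run', 'Run As User', 'Next Run Time' |
    Format-Table -AutoSize
```

A clean host prints an empty AppInit_DLLs string and no warnings. Note that on Windows 8 and later with Secure Boot enabled AppInit_DLLs are no longer loaded at all, which is one reason this persistence technique still shows up mainly against Windows 7 hosts; a run of the same sample on the win10v2004 image should therefore be compared against this one before assuming the mechanism works there.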
Processes

  C:\Users\Admin\AppData\Local\Temp\08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\08e2c4cab6f6714c9684e197ec95e52174bf8d8238bf46ef3656e98ef0e132aa.exe"
    PID: 2500
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage

  C:\Windows\system32\taskeng.exe
    Command line: taskeng.exe {ABFDE341-3586-4B3D-B6A8-BAC9CCD2D683} S-1-5-18:NT AUTHORITY\System:Service:
    PID: 2668
    - Suspicious use of WriteProcessMemory
    └─ C:\PROGRA~3\Mozilla\iajbwsg.exe
         Command line: C:\PROGRA~3\Mozilla\iajbwsg.exe -zqrqjuc
         PID: 2632
         - Executes dropped EXE
         - Drops file in Program Files directory
         - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
  (file not named on this page; same 180KB size as the submitted sample but different hashes, so it is a distinct binary)
  Filesize: 180KB
  MD5:      eab7b4478771f3435d2ccb50a75eb383
  SHA1:     385dd154ddb6ab2e780ad7e01c678e27911fec21
  SHA256:   e8d8f201a323c55349a4a3917917a3799fb9682141e1955abba1163b784c0f5b
  SHA512:   5f0da2096061dc9e513c7e97ad7698f8e406a067abff5b9220143ee1499e8bc5790671b358616858be61309c473dfc2568b310eaa999ecf5f3e6615eb1c81fff