Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 07/04/2024, 18:15
Static task: static1
Behavioral task: behavioral1
- Sample: 052afe5a2734aec7ab6c4e3e847f322ff11e7ed63a85baa9b185dbbbb658a089.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 052afe5a2734aec7ab6c4e3e847f322ff11e7ed63a85baa9b185dbbbb658a089.exe
- Resource: win10v2004-20240319-en
General
- Target: 052afe5a2734aec7ab6c4e3e847f322ff11e7ed63a85baa9b185dbbbb658a089.exe
- Size: 233KB
- MD5: aff74fbea0ac732b034d9d3bc4101f7d
- SHA1: 8c215ddebba01f0c63fba345b33f2cdfbc7c5bb0
- SHA256: 052afe5a2734aec7ab6c4e3e847f322ff11e7ed63a85baa9b185dbbbb658a089
- SHA512: 491ad0086ad4cdd22bfebc06ac7bfc1a934fb6f1def034e7744bf0026c76f7662f21c931baf1fcc0b3184596a7a8bd1e9fb120281279f9b3c3b2150c248ef0a8
- SSDEEP: 3072:1xGcwApj6FHzId1WmJ+UrdoI5iCCWm2x5wa3ny/7LsMaP8TxaTYe:1xxpjAHzId1MUeI4CdRYa3ny/7mP88
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  pid 2052, process xobykzk.exe
- Drops file in Program Files directory (2 IoCs)
  File created: C:\PROGRA~3\Mozilla\xobykzk.exe, by process 052afe5a2734aec7ab6c4e3e847f322ff11e7ed63a85baa9b185dbbbb658a089.exe
  File created: C:\PROGRA~3\Mozilla\yvzxgmj.dll, by process xobykzk.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 3024, process 052afe5a2734aec7ab6c4e3e847f322ff11e7ed63a85baa9b185dbbbb658a089.exe
  pid 2052, process xobykzk.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 2976 (taskeng.exe) wrote to memory of PID 2052, procid_target 29 (4 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\052afe5a2734aec7ab6c4e3e847f322ff11e7ed63a85baa9b185dbbbb658a089.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\052afe5a2734aec7ab6c4e3e847f322ff11e7ed63a85baa9b185dbbbb658a089.exe"
  PID: 3024
  - Drops file in Program Files directory
  - Suspicious use of UnmapMainImage
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {E78D1E7E-674B-429F-AB9C-3430F23C017E} S-1-5-18:NT AUTHORITY\System:Service:
  PID: 2976
  - Suspicious use of WriteProcessMemory
  - Child process: C:\PROGRA~3\Mozilla\xobykzk.exe
    Command line: C:\PROGRA~3\Mozilla\xobykzk.exe -clyupje
    PID: 2052
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 233KB
- MD5: e7d9c85911ddef9c8a6689a2502c1f59
- SHA1: 49f8fa5f1b72ff76a818a056fad706d4c472b69f
- SHA256: 13575da0e77a7e764503dcb592b7f4bf42b9f260bae2ce45e0caf43c2eb6d398
- SHA512: 40a9c8f98a9bef9770933ec8f753fbf367bdf14371b673d5313fb25bf9b724e7807aa70a797b6b4d03cd8c5cdfc406fff29961d3af57a8b0c834a5ec918db134