Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20240319-en
resource tags: arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
submitted: 07/04/2024, 18:17
Static task: static1
Behavioral task: behavioral1
  Sample: 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
  Resource: win10v2004-20240226-en
General
Target: 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
Size: 880KB
MD5: 5d46e6ab3152bf2b0b5a26334392ba38
SHA1: 55f839b9985ecfc311cd79e63ad0bcf075328c4f
SHA256: 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821
SHA512: 9d39da86309cfcf9cc2751cf7a5f94b63309b79d63893d22b4aed136e6d8981dcfa0046c17ac716a6bac3e7a81100fd2a09bdee7323dd5dbeb80b1f15df8d172
SSDEEP: 3072:MGjhaq5iL0beJQZt32wLji5DlsODxRPNDkjJHzW9hUd56JsuBSjwA2i1vP2i1a1T:Hha8iAx+1zwjJHd6vB/ANMQAnHt
Malware Config
Signatures

Adds Run key to start application (2 TTPs, 3 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\GGAAAG_LOADER = "C:\\Windows\\system32\\GAAG.exe" | 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\FifefoxUpdater = "C:\\Windows\\system32\\FifefoxUpdater.scr" | 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WinSevenUpdater = "C:\\Windows\\system32\\AVSCANNER.EXE" | 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe

Drops file in System32 directory (6 IoCs)
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\GAAG.exe | 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
File created | C:\Windows\SysWOW64\FifefoxUpdater.scr | 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
File opened for modification | C:\Windows\SysWOW64\FifefoxUpdater.scr | 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
File created | C:\Windows\SysWOW64\AVSCANNER.EXE | 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
File opened for modification | C:\Windows\SysWOW64\AVSCANNER.EXE | 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
File created | C:\Windows\SysWOW64\GAAG.exe | 067ace70807712bdc6d0f2b202579ccf3c46ac64d95fd2ba7d7b840c0c15e821.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 890KB
MD5: f755b4e86403f6c02998641b0528a30f
SHA1: 44f58eea5e15500443b78fa16c1e5374e6f65d6c
SHA256: 8aa8bb4be42641f4fa0c3604c68b190389c5720f59cf5f62eaf434d86cf9949e
SHA512: ca7a5ed5ea03851a621710ff0a28bc9f66dac9383fc861245d4730b58fa387fcd063d20ad4cd418466156f11b1ef8920f4941a435d42f680ce63e603ffd4c2a0