Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 119s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 07/04/2024, 18:21
Static task: static1
Behavioral task: behavioral1
  Sample: 07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe
  Resource: win10v2004-20240319-en
General
Target: 07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe
Size: 136KB
MD5: e792dc5fb4806a27ef7dbd620e2ec164
SHA1: 228eb332c79349150ba6b6a009099dccce1b8070
SHA256: 07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a
SHA512: f670e27261d93f37e064e33c98c0d9a62d658266e93ed4a24707b6067231ce2d3653e8edb38794627ffd87f4211b34619cb669f82e1f789b72a1b4bb3a779fdb
SSDEEP: 3072:q99X4ATRtqdEY82XLT79O6W/0aC0VrETTrDFzH38dkjJy:E9ZtqqY82X3RObR4frxzsdkjJy
Malware Config
Signatures
- Modifies AppInit DLL entries (2 TTPs)
- Executes dropped EXE (1 IoC)
  pid   Process
  1664  tbckyxk.exe
- Drops file in Program Files directory (2 IoCs)
  description   ioc                               Process
  File created  C:\PROGRA~3\Mozilla\tbckyxk.exe   07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe
  File created  C:\PROGRA~3\Mozilla\newtrln.dll   tbckyxk.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process      procid_target
  PID 1784 wrote to memory of 1664  1784  taskeng.exe  29
  PID 1784 wrote to memory of 1664  1784  taskeng.exe  29
  PID 1784 wrote to memory of 1664  1784  taskeng.exe  29
  PID 1784 wrote to memory of 1664  1784  taskeng.exe  29
Processes
- C:\Users\Admin\AppData\Local\Temp\07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe"
  - Drops file in Program Files directory
  PID: 1300
- C:\Windows\system32\taskeng.exe
  command line: taskeng.exe {3ED2D991-848E-479D-BF56-6FBCAEBA318E} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 1784
  - C:\PROGRA~3\Mozilla\tbckyxk.exe (child of taskeng.exe)
    command line: C:\PROGRA~3\Mozilla\tbckyxk.exe -gqpcbye
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID: 1664
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 136KB
  MD5: f64ec9815798e19b7c8e711a748546d2
  SHA1: 4329e8199348ecdda6cb2ca92741dbace81133bd
  SHA256: f9252381a0790320b61b2886d41323730d1247d8895d52d261e8933e3dc66739
  SHA512: e0f2b5ca9614bc3c378cd9a75b5af36c5abafa9f289a20d7dfbbd4ba3d3e0adc5074aef004112209c2e9b2ec6ab159207552f269541bd4322efe71af2f286bd9