
Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/04/2024, 18:21

General

  • Target

    07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe

  • Size

    136KB

  • MD5

    e792dc5fb4806a27ef7dbd620e2ec164

  • SHA1

    228eb332c79349150ba6b6a009099dccce1b8070

  • SHA256

    07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a

  • SHA512

    f670e27261d93f37e064e33c98c0d9a62d658266e93ed4a24707b6067231ce2d3653e8edb38794627ffd87f4211b34619cb669f82e1f789b72a1b4bb3a779fdb

  • SSDEEP

    3072:q99X4ATRtqdEY82XLT79O6W/0aC0VrETTrDFzH38dkjJy:E9ZtqqY82X3RObR4frxzsdkjJy

Score
8/10

Malware Config

Signatures

  • Modifies AppInit DLL entries (2 TTPs; persistence via the AppInit_DLLs registry value, ATT&CK T1546.010)
  • Executes dropped EXE (1 IoC)
  • Drops file in Program Files directory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe
    "C:\Users\Admin\AppData\Local\Temp\07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4872
  • C:\PROGRA~3\Mozilla\jhifwqk.exe
    C:\PROGRA~3\Mozilla\jhifwqk.exe -zmqutfb
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:3832
    (C:\PROGRA~3 is the 8.3 short name of C:\ProgramData, so this is the file listed under Downloads. Both binaries are 136KB but their hashes differ, so the drop is not a byte-identical copy of the submitted sample. Note also that the report places this process at the top level of the tree rather than as a child of PID 4872, and that both the executable name and the command-line switch look randomly generated.)
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2228,i,8155065313278028490,17854605419281052753,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4932
    (No signature is attributed to this Edge utility process and the report does not link it to the sample; treat it as background activity of the analysis VM.)
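The three signatures above translate directly into host-based detection logic. The block below is an added example, not output of tria.ge or code from the report: it runs three rules (AppInit_DLLs/LoadAppInit_DLLs writes, execution of a random-named binary under ProgramData\Mozilla, and a known-hash match on the report's SHA256 values) over constructed Sysmon-style events that mirror the process tree. The log lines, the field names (EventID 1/11/13, Image, TargetObject, Hashes) and the DLL path written to AppInit_DLLs are assumptions for the demo; the report does not show which value the sample wrote.

```python
"""Added example (not part of the tria.ge report): offline detection logic for
the behaviours flagged above, run over constructed Sysmon-style events.
Field names follow Sysmon (EventID 1 = process create, 11 = file create,
13 = registry value set); the log lines themselves are made up for this demo."""
import re
from dataclasses import dataclass

# Hashes and paths copied from the report. The dropped copy is also 136KB but
# hashes differently from the submitted sample, so both hashes are needed.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe"
SAMPLE_SHA256 = "07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a"
DROPPED_EXE = r"C:\ProgramData\Mozilla\jhifwqk.exe"
DROPPED_SHA256 = "231523b8141d4a72423a6b45a8e233e1a3c80802605a211de510a3c3cfac3398"
IOC_SHA256 = {SAMPLE_SHA256, DROPPED_SHA256}

# Registry locations behind the "Modifies AppInit DLL entries" signature.
# On x64 the 32-bit view lives under WOW6432Node, so check both.
APPINIT_KEYS = {
    r"hklm\software\microsoft\windows nt\currentversion\windows",
    r"hklm\software\wow6432node\microsoft\windows nt\currentversion\windows",
}
APPINIT_VALUES = {"appinit_dlls", "loadappinit_dlls"}

# Execution pattern from the process tree: random lowercase name under
# ProgramData\Mozilla (C:\PROGRA~3 is the 8.3 short name for C:\ProgramData).
DROPPED_PATTERN = re.compile(r"^c:\\(?:programdata|progra~3)\\mozilla\\[a-z]+\.exe$", re.I)
PROGRAM_DIRS = re.compile(r"^c:\\(?:program files(?: \(x86\))?|programdata)\\", re.I)
TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.I)


@dataclass
class Alert:
    rule: str
    pid: int
    detail: str


def parse_line(line: str) -> dict:
    """Parse one 'Key=Value|Key=Value' line; values may themselves contain '='."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|"))


def sha256_from_hashes(hashes: str) -> str:
    """Pull the SHA256 out of a Sysmon-style 'SHA256=...,MD5=...' Hashes field."""
    for part in hashes.split(","):
        algo, _, digest = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return digest.strip().lower()
    return ""


def detect(lines):
    """Return the alerts raised by the three rules, in event order."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        pid, image = int(ev["ProcessId"]), ev.get("Image", "")
        if ev["EventID"] == "13":  # registry value set
            key, _, value = ev["TargetObject"].rpartition("\\")
            if key.lower() in APPINIT_KEYS and value.lower() in APPINIT_VALUES:
                alerts.append(Alert("appinit_dll_entry_modified", pid,
                                    f"{value} = {ev.get('Details', '')} by {image}"))
        elif ev["EventID"] == "1":  # process create
            if DROPPED_PATTERN.match(image):
                alerts.append(Alert("dropped_exe_executed", pid, ev.get("CommandLine", image)))
            if sha256_from_hashes(ev.get("Hashes", "")) in IOC_SHA256:
                alerts.append(Alert("known_ioc_hash", pid, image))
        elif ev["EventID"] == "11":  # file create
            target = ev["TargetFilename"]
            if PROGRAM_DIRS.match(target) and TEMP_DIR.search(image):
                alerts.append(Alert("temp_process_wrote_program_dir", pid, f"{image} -> {target}"))
    return alerts


# Constructed events mirroring the report's process tree (PIDs 4872, 3832, 4932).
_APPINIT = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
SAMPLE_LOG = [
    "EventID=1|ProcessId=4872|Image={0}|CommandLine=\"{0}\"|Hashes=SHA256={1},MD5=e792dc5fb4806a27ef7dbd620e2ec164".format(SAMPLE_EXE, SAMPLE_SHA256),
    "EventID=11|ProcessId=4872|Image={0}|TargetFilename={1}".format(SAMPLE_EXE, DROPPED_EXE),
    r"EventID=1|ProcessId=3832|Image={0}|CommandLine=C:\PROGRA~3\Mozilla\jhifwqk.exe -zmqutfb|Hashes=SHA256={1}".format(DROPPED_EXE, DROPPED_SHA256),
    # The report does not show the DLL path written; the value below is a placeholder.
    r"EventID=13|ProcessId=3832|Image={0}|TargetObject={1}\AppInit_DLLs|Details=C:\ProgramData\Mozilla\placeholder.dll".format(DROPPED_EXE, _APPINIT),
    r"EventID=13|ProcessId=3832|Image={0}|TargetObject={1}\LoadAppInit_DLLs|Details=DWORD (0x00000001)".format(DROPPED_EXE, _APPINIT),
    # Edge utility process from the analysis VM; no rule should fire on it.
    r"EventID=1|ProcessId=4932|Image=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe|CommandLine=msedge.exe --type=utility|Hashes=SHA256=" + "0" * 64,
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"[{a.rule}] pid={a.pid} {a.detail}")
```

Two caveats when turning this into a production rule. First, the hash rule is the weakest of the three: the dropped copy already differs from the submitted file, so expect further variants to miss it and rely on the path and registry rules instead. Second, AppInit_DLLs is only honoured when LoadAppInit_DLLs is 1, and Windows 8 and later ignore the mechanism entirely when Secure Boot is enabled, so on such hosts the registry write is still a persistence attempt worth alerting on, but the DLL will not actually be loaded.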

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\ProgramData\Mozilla\jhifwqk.exe

      Filesize

      136KB

      MD5

      dc778ac7687dc9b48a3f3c0324d4d2a8

      SHA1

      f8b03a354a6555fb9157d747aa382026662aba92

      SHA256

      231523b8141d4a72423a6b45a8e233e1a3c80802605a211de510a3c3cfac3398

      SHA512

      a82ac7ba7c2a439c88164b0e3582971c33be25545d2e8594248d5de0f511d838e3ba645dc8ea2e0332a4000f195ed6ebae9448018652ecaaebaded20e5894f67

    • memory/3832-11-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

    • memory/3832-12-0x0000000000C90000-0x0000000000CEB000-memory.dmp

      Filesize

      364KB

    • memory/3832-18-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

    • memory/4872-0-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

    • memory/4872-1-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB

    • memory/4872-2-0x00000000020C0000-0x000000000211B000-memory.dmp

      Filesize

      364KB

    • memory/4872-10-0x0000000000400000-0x0000000000424000-memory.dmp

      Filesize

      144KB