Analysis
max time kernel: 147s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240319-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240319-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/04/2024, 18:21
Static task: static1
Behavioral task: behavioral1
Sample: 07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe
Resource: win10v2004-20240319-en
General
Target: 07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe
Size: 136KB
MD5: e792dc5fb4806a27ef7dbd620e2ec164
SHA1: 228eb332c79349150ba6b6a009099dccce1b8070
SHA256: 07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a
SHA512: f670e27261d93f37e064e33c98c0d9a62d658266e93ed4a24707b6067231ce2d3653e8edb38794627ffd87f4211b34619cb669f82e1f789b72a1b4bb3a779fdb
SSDEEP: 3072:q99X4ATRtqdEY82XLT79O6W/0aC0VrETTrDFzH38dkjJy:E9ZtqqY82X3RObR4frxzsdkjJy
Malware Config
Signatures
Modifies AppInit DLL entries (2 TTPs)
Executes dropped EXE (1 IoCs)
pid: 3832, Process: jhifwqk.exe
Drops file in Program Files directory (2 IoCs)
File created: C:\PROGRA~3\Mozilla\jhifwqk.exe (Process: 07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe)
File created: C:\PROGRA~3\Mozilla\biclnte.dll (Process: jhifwqk.exe)
Processes
Process: C:\Users\Admin\AppData\Local\Temp\07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\07ba35f780682644df2db6af113404e5f42d57ffdac81a113d242a217603435a.exe"
Signatures: Drops file in Program Files directory
PID: 4872

Process: C:\PROGRA~3\Mozilla\jhifwqk.exe
Command line: C:\PROGRA~3\Mozilla\jhifwqk.exe -zmqutfb
Signatures: Executes dropped EXE; Drops file in Program Files directory
PID: 3832

Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2228,i,8155065313278028490,17854605419281052753,262144 --variations-seed-version /prefetch:8
PID: 4932
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 136KB
MD5: dc778ac7687dc9b48a3f3c0324d4d2a8
SHA1: f8b03a354a6555fb9157d747aa382026662aba92
SHA256: 231523b8141d4a72423a6b45a8e233e1a3c80802605a211de510a3c3cfac3398
SHA512: a82ac7ba7c2a439c88164b0e3582971c33be25545d2e8594248d5de0f511d838e3ba645dc8ea2e0332a4000f195ed6ebae9448018652ecaaebaded20e5894f67