Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240412-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    25/04/2024, 16:21

General

  • Target

    54a6d57a5fdd8932949f593ee06557556949c7853ff340dbe9c91243f2607e91.exe

  • Size

    78KB

  • MD5

    c17765909ddf23fdab21426853b8e3fe

  • SHA1

    f50c41bdc3d6c67ab94b7a9dbb4bf77ed5bcd32d

  • SHA256

    54a6d57a5fdd8932949f593ee06557556949c7853ff340dbe9c91243f2607e91

  • SHA512

    321845a1c5f958c1152664cdfee21ff5abca85bb66d6728476756f001b9e54b062e89fa0533da69c45c44561858709dc298403910ac0012472c255c08856d31f

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOnzuh0i:GhfxHNIreQm+Hiizuh0i

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54a6d57a5fdd8932949f593ee06557556949c7853ff340dbe9c91243f2607e91.exe
    "C:\Users\Admin\AppData\Local\Temp\54a6d57a5fdd8932949f593ee06557556949c7853ff340dbe9c91243f2607e91.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1412
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2252

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    78KB

    MD5

    41dbb2390062cb6973ebcf805c47479a

    SHA1

    f61d9e286047e743b46e7ce27f5f52d6acf67c92

    SHA256

    e1a930ea93f3b0674f869e24f5812da3281934e1b95a93a5304a8741ff285a2b

    SHA512

    ece1657ac21b4b65c538a4393899024c7d6c9a01c945f5f4e8fcef9d42b0ea3b5be9415533649860580299e1d29300ffe9bca161bebc9071df7deaee717e4c6c

  • C:\Windows\System\rundll32.exe

    Filesize

    80KB

    MD5

    f93f34dbb2aa0ee96f99357e7bc46748

    SHA1

    8c87346db4a401ee3446a2606d8a58152e76eb25

    SHA256

    66295c85a4115f81a14f163c1b2e430394640f108433c07ed5626eaa7c3b714b

    SHA512

    d13aa79fd8ee63076931bed9b2f2eda23035885f5ed39f43e79903b5843a7364e7b4e403d5cdbaf7f6c3a43f19c119d2378182cbd5db23aa4c2b9c6568a99c79

  • memory/1412-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1412-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB