Analysis

  • max time kernel
    150s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/05/2024, 19:41

General

  • Target

    2557e261f5b4611da5512ec6b2d5c1e90462fa7439b8714255d27e16a8474dba.exe

  • Size

    135KB

  • MD5

    52c98032c1d953c808a7fc2e1feb473d

  • SHA1

    06bf18a0965e34715c9d12f0fca123bad3a142d1

  • SHA256

    2557e261f5b4611da5512ec6b2d5c1e90462fa7439b8714255d27e16a8474dba

  • SHA512

    6663aee0e547dafa009c26e31351e20368d3a4ab98c20388b858b781f7d15c114354568b0acdcdec6f2802b3b050121634c161b71a1443c1e335d4bb3e3fb56b

  • SSDEEP

    3072:UVqoCl/YgjxEufVU0TbTyDDal5yUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU3:UsLqdufVUNDao

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2557e261f5b4611da5512ec6b2d5c1e90462fa7439b8714255d27e16a8474dba.exe
    "C:\Users\Admin\AppData\Local\Temp\2557e261f5b4611da5512ec6b2d5c1e90462fa7439b8714255d27e16a8474dba.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2632
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4668
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2272
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visibility of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4288
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:5052

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Resources\Themes\explorer.exe

    Filesize

    135KB

    MD5

    d5947848568b059426d029c4362f5c92

    SHA1

    dda9070465d6334113f5ad51e94e57cf79e15be2

    SHA256

    b69e4963652ee7008ec0ce6082c9e2fd1acf906939f91c5f1dbb5e44e69e422f

    SHA512

    e3bdd03aabbc2fe36a7551c18dc60589476e66f5f5da9d337e142c669dfad45c4d4c9a5052febaef88834b2850a382dbace11657d90575107ec0d25afda2382f

  • C:\Windows\Resources\spoolsv.exe

    Filesize

    135KB

    MD5

    c9f4a50ea2ee3a85c56becf47cd30357

    SHA1

    77b04bd97bc9da2b5e39238037c3eff2f5ac9522

    SHA256

    becbe50420d26884ab68ed4971334160668590112f5d68ac7489086217d4a176

    SHA512

    3d90e060e9e3d7ea66aa0e46f267f7582b8f61ad979d960756d1432e2967de05da61446381d416b041c0aee89f77aabd1779beb0089e656d5d3012739bc809b5

  • C:\Windows\Resources\svchost.exe

    Filesize

    135KB

    MD5

    3e90b3f6fe30052d3c6cc26b48b981aa

    SHA1

    337760651401fdbbae202c029ed561a8e7d5e347

    SHA256

    a493ba51d8f94c44e88cd542e8995531125edb365d581e7a265bb49515a101d2

    SHA512

    33e2b034f3729ca877e0ebd306bcfdc11c98cbdeee20b7dfcefd038db0737146d418f767260a880dcb2062ed7161c5bd3c8d4c3710ab6ff15bbc0d35008bc65f

  • memory/2272-34-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2632-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2632-35-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4288-25-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/5052-33-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB