Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
11/05/2024, 00:49
Static task
static1
Behavioral task
behavioral1
Sample
a43c3265cd2ab36a3b0c8c77f6bc23ae9c770ee33a4485e0f47f26b8a852f59a.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
a43c3265cd2ab36a3b0c8c77f6bc23ae9c770ee33a4485e0f47f26b8a852f59a.exe
Resource
win10v2004-20240426-en
General
-
Target
a43c3265cd2ab36a3b0c8c77f6bc23ae9c770ee33a4485e0f47f26b8a852f59a.exe
-
Size
207KB
-
MD5
025b1b20a223205d4f566df00f29176b
-
SHA1
cf0f5263d9d511cbfaece84d05161d1c789e7c26
-
SHA256
a43c3265cd2ab36a3b0c8c77f6bc23ae9c770ee33a4485e0f47f26b8a852f59a
-
SHA512
8be183a6c3a47fd17101357c91dffe7b6d6f04488cd22b76f717e98edf679bf63a89e84226cd54dc8c64e04b30dffe068105a6bd9f3b2627a6c888e28de9b45c
-
SSDEEP
3072:MRSasuUaKjU3TicAHJsow3zpEENchbiMKh5Va79ayi05:MRSasbamcAHJ636+chbiR5Valio
Malware Config
Signatures
-
Modifies AppInit DLL entries 2 TTPs
-
Executes dropped EXE 1 IoCs
pid Process 2040 anhxrcb.exe -
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\PROGRA~3\Mozilla\anhxrcb.exe a43c3265cd2ab36a3b0c8c77f6bc23ae9c770ee33a4485e0f47f26b8a852f59a.exe File created C:\PROGRA~3\Mozilla\fqurfhn.dll anhxrcb.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1844 wrote to memory of 2040 1844 taskeng.exe 29 PID 1844 wrote to memory of 2040 1844 taskeng.exe 29 PID 1844 wrote to memory of 2040 1844 taskeng.exe 29 PID 1844 wrote to memory of 2040 1844 taskeng.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\a43c3265cd2ab36a3b0c8c77f6bc23ae9c770ee33a4485e0f47f26b8a852f59a.exe"C:\Users\Admin\AppData\Local\Temp\a43c3265cd2ab36a3b0c8c77f6bc23ae9c770ee33a4485e0f47f26b8a852f59a.exe"1⤵
- Drops file in Program Files directory
PID:2248
-
C:\Windows\system32\taskeng.exetaskeng.exe {6F15C756-CAC2-4E91-8F10-DB4AB89C4D1C} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
PID:1844 -
C:\PROGRA~3\Mozilla\anhxrcb.exeC:\PROGRA~3\Mozilla\anhxrcb.exe -wxojhrj2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2040
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
207KB
MD5323499b0c2a3c58594083f5d1c5b0c38
SHA17201f7a7433f14d7fe9ef40535729578ed726d02
SHA2563038c60dab074590937f2ad5f8f2b6f4e902b92d651e1fe74adaced4b6bacd11
SHA512108803300bcd3e20863871c6a25f0ab7c8e63bf966c9a9190a3e8797c234f0f030d134386cd4c586afb7b5a7c68699c3c3b565f8f4bc3648cd832b9c5c25a18e