Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    19/05/2024, 23:17

General

  • Target

    684f6d1c1e97c7982baf8b050fc4754f83e3b436d339cfc581e85f7a9cba95da.exe

  • Size

    77KB

  • MD5

    01119b49e0df05813cb902d617987c8d

  • SHA1

    61f6895a0bd6301840d8e7d27e1e93950967b6ab

  • SHA256

    684f6d1c1e97c7982baf8b050fc4754f83e3b436d339cfc581e85f7a9cba95da

  • SHA512

    40ddf5d87cdaf01b3f40fac0515d2a57ce88f1f29982e32e3c5b36bda3f68b0c9e80424bc2515c2d35ff90e1c46e43702a4de99b14204fd318e4ac2fc1899dcc

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOXyC:GhfxHNIreQm+HiQyC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\684f6d1c1e97c7982baf8b050fc4754f83e3b436d339cfc581e85f7a9cba95da.exe
    "C:\Users\Admin\AppData\Local\Temp\684f6d1c1e97c7982baf8b050fc4754f83e3b436d339cfc581e85f7a9cba95da.exe"
    (depth 1)
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3748
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      (depth 2, child of PID 3748)
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2456

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    84KB

    MD5

    a4517d778b503e632c9c1f376e6e2d28

    SHA1

    3c87695798b03e7508fdb6e6ec3f6980d5b2ea42

    SHA256

    5534520d2719aea45d4fa2dafcb95b0619309c7b085bc569e7bdd452218a7529

    SHA512

    b288bcfc41d18431f7cf3255e49b74b880ef33ddbe064cda9c7cae6605490610e10fd80efe6064b2ddfd4f898c1ff169b5678ed592a1f9bad78520219434c535

  • C:\Windows\System\rundll32.exe

    Filesize

    79KB

    MD5

    9c59a4cd303e39f09801277db58d478b

    SHA1

    3522b07925cc0f60b360302d582515cfcaaaba2a

    SHA256

    ea917a5a65f550036e0cf361bca02d4ea4e8ceeb37d0b0ea0a2bcd23387e8d1a

    SHA512

    f125d08743552b903dc0f561f76ad01dc9a2f4c254c49f0728012f7aec1f8820a95cf7b8c0b8507ce6713b891edbde5fcf497e1a6b8605afb1a658069129efee

  • memory/2456-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3748-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3748-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
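The signatures, process tree and dropped-file hashes above reduce to three checks a responder can run over host artifacts: the dropped files' SHA256 values, a rundll32.exe running from somewhere other than the two directories Windows ships it in (the child process here runs from C:\Windows\system\, which is neither System32 nor SysWOW64), and the exefile open-command association the sample is flagged as modifying. The script below is an added example, not tria.ge's code and not a reproduction of anything the sample itself does. It assumes the stock value of HKCR\exefile\shell\open\command is "%1" %*, that a genuine rundll32.exe lives only in System32 and SysWOW64, and that host data arrives as sha256sum-style inventory lines plus a .reg export. The inventory lines and registry exports embedded in it are constructed; the hijacked association value is an illustrative shape only, since the report records that the association was modified but not the value written.

```python
"""IOC checks derived from the tria.ge report above (added example; not
tria.ge's code). Host artifacts below are CONSTRUCTED samples."""
import re

# Hashes quoted from the report (General and Downloads sections).
KNOWN_SHA256 = {
    "684f6d1c1e97c7982baf8b050fc4754f83e3b436d339cfc581e85f7a9cba95da": "submitted sample",
    "5534520d2719aea45d4fa2dafcb95b0619309c7b085bc569e7bdd452218a7529": r"dropped C:\Windows\SysWOW64\notepad¢¬.exe",
    "ea917a5a65f550036e0cf361bca02d4ea4e8ceeb37d0b0ea0a2bcd23387e8d1a": r"dropped C:\Windows\System\rundll32.exe",
}
# Directories a genuine rundll32.exe is expected to run from (assumption, see lead-in).
LEGIT_RUNDLL32_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Stock Windows value for the exefile open command (assumption, see lead-in).
DEFAULT_EXEFILE_COMMAND = '"%1" %*'
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"


def scan_inventory(lines):
    """Scan 'sha256  path' lines (sha256sum / EDR export style).
    Returns (kind, path, detail) tuples: kind is 'hash' or 'location'."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        digest, _, path = line.partition("  ")
        digest = digest.lower()
        if digest in KNOWN_SHA256:
            findings.append(("hash", path, KNOWN_SHA256[digest]))
        dirname, _, base = path.lower().rpartition("\\")
        if base == "rundll32.exe" and dirname not in LEGIT_RUNDLL32_DIRS:
            findings.append(("location", path, "rundll32.exe outside System32/SysWOW64"))
    return findings


def parse_reg_export(text):
    """Minimal .reg parser: {key: {value_name: data}} for quoted (REG_SZ) values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                # .reg escapes backslash and double quote with a backslash; undo that.
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            keys[current][name] = data
    return keys


def check_exefile_association(reg_text):
    """Return the exefile open command if it differs from the default, else None."""
    cmd = parse_reg_export(reg_text).get(EXEFILE_KEY, {}).get("(Default)")
    if cmd is None or cmd == DEFAULT_EXEFILE_COMMAND:
        return None
    return cmd


# Constructed inventory: the first line reuses the report's dropped-file hash at the
# report's path; the second is a stock rundll32.exe with a dummy hash; the third is
# a stray copy that trips the location check only.
SAMPLE_INVENTORY = """
ea917a5a65f550036e0cf361bca02d4ea4e8ceeb37d0b0ea0a2bcd23387e8d1a  C:\\Windows\\system\\rundll32.exe
0000000000000000000000000000000000000000000000000000000000000001  C:\\Windows\\System32\\rundll32.exe
0000000000000000000000000000000000000000000000000000000000000002  C:\\Users\\Admin\\AppData\\Local\\Temp\\rundll32.exe
""".splitlines()

# Constructed registry exports. The hijacked one is an illustrative shape (every
# .exe launch routed through a dropped binary), not the value this sample writes.
BENIGN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Windows\\system\\rundll32.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for finding in scan_inventory(SAMPLE_INVENTORY):
        print(finding)
    print("benign export:", check_exefile_association(BENIGN_REG))
    print("hijacked export:", check_exefile_association(HIJACKED_REG))
```

The location check matters independently of the hashes: a re-packed build of the same sample changes every hash in the report, but a rundll32.exe under C:\Windows\system\ (or under a user profile) stays anomalous. Treat a non-default exefile command as a persistence indicator in its own right, since once it is set the dropped binary runs on every .exe launch whether or not the original sample is still on disk.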