Analysis

  • max time kernel
    149s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/05/2024, 10:24

General

  • Target
    3b7acc3e01fd54b4224c85d866891b1a6922f86e85b5d7b5d57b27103b436436.exe
  • Size
    75KB
  • MD5
    e63a95ee4a83e87d61f0d11de56ff8bf
  • SHA1
    c9665889a20609001f1524a33563b48a733387fe
  • SHA256
    3b7acc3e01fd54b4224c85d866891b1a6922f86e85b5d7b5d57b27103b436436
  • SHA512
    8272c60cedaad53e4ce1733c8f41f33df7dfe1c741dee7ed10068c2853291fa63b190fed79e3cb160332837ad69aee7966b51e35cd1f646b5389a5cbda471f14
  • SSDEEP
    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOwJ:RshfSWHHNvoLqNwDDGw02eQmh0HjWOwJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b7acc3e01fd54b4224c85d866891b1a6922f86e85b5d7b5d57b27103b436436.exe
    "C:\Users\Admin\AppData\Local\Temp\3b7acc3e01fd54b4224c85d866891b1a6922f86e85b5d7b5d57b27103b436436.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:448
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3060

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize: 79KB
    MD5: 3231265c91381b75c60113f7eb999ea2
    SHA1: 19c742c3cb65a98c87680605a2e9eb56c8ecf8ac
    SHA256: 323d5e1b65f49cb4ec85788385b131052d6435c708de6d1022992fb59a745f65
    SHA512: 1f717a8acff8db56b3e4dee924e7bc72e37f97f2a71305ac09e2a140000bfdfa23600d380f0b3049ea443deaf83ad51f9757ea34ea3eb2723790186dd7c3f83b

  • C:\Windows\system\rundll32.exe
    Filesize: 78KB
    MD5: 314aea70f024e0e940f7091a7a586888
    SHA1: 7805e4f312f2f8cddb62f113e1cd3a7acec87d14
    SHA256: 2b3f8d202680c8ca0fb2d30409f8ae13b8ee211a8731eae5c46610998ebdee9c
    SHA512: d4bace618858b3932760ec43a17c0a737df2b13cbc7f751b7365b57e7d07d906238d84de085f0cc7b6afa8860a5dd4819150cbe5f2d6a36f192b75fe7129ca7d

  • memory/448-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/448-13-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB