Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

305c49858f...86.exe

windows7-x64

7

305c49858f...86.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 08:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    305c49858f2320f2eff22a03f1b2ab3961c79b18090d11df345ae7c823cbef86.exe

  • Size

    75KB

  • MD5

    711c778de0a35b22f942eca52aa3ccc9

  • SHA1

    d85bed1355840eb7ab93883b09b2246c750e9c25

  • SHA256

    305c49858f2320f2eff22a03f1b2ab3961c79b18090d11df345ae7c823cbef86

  • SHA512

    361fa180df20c7376a1264af5e6cb976665587212c00a924c8f3587405848be34d2d1b1bc68c3504cfd903789f99fe1d3da2624eba96f4d51c221848e36bfd43

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWORb:RshfSWHHNvoLqNwDDGw02eQmh0HjWORb

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\305c49858f2320f2eff22a03f1b2ab3961c79b18090d11df345ae7c823cbef86.exe
    "C:\Users\Admin\AppData\Local\Temp\305c49858f2320f2eff22a03f1b2ab3961c79b18090d11df345ae7c823cbef86.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    82KB

    MD5

    ba0ca71b9895e8099fec21c75e6d3f5d

    SHA1

    48bd47ac1abd0cedcf4444773c39e4824b19eed0

    SHA256

    6d5ff2c0783da9846034b5e9704d8095f796d3234662ed0ff3b80b0d43692d51

    SHA512

    5847f2aedb9064fa72411d64168f42a9f6e08908e070d894c7dfe80950d96d217c427b426b9c46d27edbcd69d9bf039c5e57d50de2a3a74396e08da77e2efb7a

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    86KB

    MD5

    62964f5bf3523fcb5cedca31753ba8da

    SHA1

    acfe70690fc96a8866f734bb2ebe303e33a14efe

    SHA256

    6035ea47a67e76974071c97bf5d63429ce39628c681e337f84c3698e9ca56170

    SHA512

    45690426a886a0f34674555d90019883cc3e891e822101c791a2fffc2199f46f6a2dab0bd8b347f0970ee6b5c56a2d8c079c70d2caaac230bda412619e7a956b

    Download Submit

  • memory/2244-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2244-12-0x00000000002C0000-0x00000000002D6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2244-17-0x00000000002C0000-0x00000000002D6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2244-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2244-21-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download