Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

virussign....00.exe

windows7-x64

7

virussign....00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 17:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    virussign.com_cdd6acb0f24454c0bcde978d2c694600.exe

  • Size

    74KB

  • MD5

    cdd6acb0f24454c0bcde978d2c694600

  • SHA1

    63c691abb35c636f3b6bc231e4a366bd01f8562a

  • SHA256

    24ffc9be8fffa0524984a90a71492d1a7c458cead1a419ff983dbf343fa1be06

  • SHA512

    3e2eeecc6551660f7b02a492449cc9e957ae1365d64a9d528744374a8c9252031e2f86eb592b3216eb0454939495a3ecf3357a5066b657600a3e2fe72ab563cb

  • SSDEEP

    1536:kP6RJLbSshapMJgK+hxaZUux1imfJPtOrqm1s/XZydNg:06RJz25KnZFvVfJPtOrqm2/XZuu

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\virussign.com_cdd6acb0f24454c0bcde978d2c694600.exe
    "C:\Users\Admin\AppData\Local\Temp\virussign.com_cdd6acb0f24454c0bcde978d2c694600.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1984
    • \??\c:\users\admin\appdata\local\temp\winlgon.exe
      c:\users\admin\appdata\local\temp\winlgon.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2888
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 204
      2⤵
      • Program crash
      PID:1884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\winlgon.exe
    Filesize

    74KB

    MD5

    3f6aa48ac2b95dc2f3a2eb880eaa01ea

    SHA1

    b339c3abe7635897fc462bdf6abace7ad34b9704

    SHA256

    93d60b545ba9d198c29adc81f1cca5282039fa48c841ee71d6288b7fdf2d9e5e

    SHA512

    fec912c9739c16c758fdafe3daef7faab652f132dab4256aef936802e24951f55b4d039bd08ee068ae3071193247a5b1e38dc3e65593d68bc6e720f2869efe38

    Download Submit