Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

5c929e729a...ea.exe

windows7-x64

10

5c929e729a...ea.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c929e729ab93633487e8a61d73e996cd14c38c9ae8ad59be41e84e77b6093ea.exe

  • Size

    135KB

  • MD5

    dca2f57a7d98846603c844bcefcb3d98

  • SHA1

    f83ec0cf3589b7dd0bbb058f8f98cad4bb9e048f

  • SHA256

    5c929e729ab93633487e8a61d73e996cd14c38c9ae8ad59be41e84e77b6093ea

  • SHA512

    4953b855e8059bcaf457f7b3bddff989026e16945178cd21d59eca9211c19e4a8da7d3f0c8b01b0bc47b17025410ec5ec40fd31e0cf5509735f6870f6b28c208

  • SSDEEP

    3072:UVqoCl/YgjxEufVU0TbTyDDalHhLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL1:UsLqdufVUNDa5

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c929e729ab93633487e8a61d73e996cd14c38c9ae8ad59be41e84e77b6093ea.exe
    "C:\Users\Admin\AppData\Local\Temp\5c929e729ab93633487e8a61d73e996cd14c38c9ae8ad59be41e84e77b6093ea.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:776
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1672
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4920
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visiblity of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4140
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:1480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Resources\Themes\explorer.exe
    Filesize

    135KB

    MD5

    96a07cc03fdf2cdb8baf3c6c98b4a700

    SHA1

    ba508f3c8a2215db771a81e9a8d3dda26e5fb09d

    SHA256

    2c518af38941ec4c1ebc897e40ef74fec0ebd9cb0dd9ad2cbcc0e797fd8688f2

    SHA512

    ba70e08d709d880ce8262492792e3422dd4519df2c6ecf572bb78aeba10330d23ba6878db4cfb387f392aaf642e91fbd8e6baeeb8b48727a02866fae3f91628f

    Download Submit

  • C:\Windows\Resources\spoolsv.exe
    Filesize

    135KB

    MD5

    281878b8930fd70fb726b1d656df12cc

    SHA1

    f26d11c1aa081c0a9adf188ebc69f5e12868d8a6

    SHA256

    bcd59ce963c93414273dd3eb02c2043b9cbb953cd6f7b5b106b50c922a5cb3b3

    SHA512

    38882d7ce81e5615148913fd674876595bd055d1e528bb1335ecf79200689ee64fb38aea1ff403b5be2f2be7f5118dd0ad1d68a4851a1564996dc3e24c1c44cc

    Download Submit

  • C:\Windows\Resources\svchost.exe
    Filesize

    135KB

    MD5

    03814f03a04fe6fd61c45fa70b267115

    SHA1

    ede0d99ea1006825a34fac745cd22bbef0645dc3

    SHA256

    13c7d1b613cbf1e69b1cb18dbda9e9f26cdab913b5f3174f0964d58b88ec7c70

    SHA512

    9c3aef18ef84589b88913c50b0bdc9f49a9edd39387db9668bcdc9c2f8017fa2289ff2b52ddeb372b2576318c449fe0ffb1951da562f476d0abf5fb8261f592c

    Download Submit

  • memory/776-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/776-35-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1480-33-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/4920-17-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/4920-34-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download