Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

018a0fa3ab...50.exe

windows7-x64

7

018a0fa3ab...50.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    30/05/2024, 08:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    018a0fa3aba626f6da5957385b7bc57f5ae140006b7776dc0789082eb1618850.exe

  • Size

    79KB

  • MD5

    17b1295880207e66513150de71ee8661

  • SHA1

    b2fca196a36bbfaa882a5bd021fa0960f1ab6f1a

  • SHA256

    018a0fa3aba626f6da5957385b7bc57f5ae140006b7776dc0789082eb1618850

  • SHA512

    eb2d1c0a54fb1d6945fe4efd99cae371456a825f0561b27454ef90f000244d8a5766cfd1484636a49fbaa708d94d10f5b97487c6039c32ba0847af8ddaa0aaa1

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOE10I:GhfxHNIreQm+Hit10I

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\018a0fa3aba626f6da5957385b7bc57f5ae140006b7776dc0789082eb1618850.exe
    "C:\Users\Admin\AppData\Local\Temp\018a0fa3aba626f6da5957385b7bc57f5ae140006b7776dc0789082eb1618850.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1256

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    79KB

    MD5

    4dbc16e5a4035d3061b3730f98f88a1d

    SHA1

    8b42e967b1ae0ab12cb4508b67e6e9fd70ed76fb

    SHA256

    a711c157dc219200d7c3a0f7f2fa4b1abf63be036c825153785755e59cedca5c

    SHA512

    8a9ad5a0e992f632f3760351fc6171b7a3e196766a778a10b4395b2e2b49308cc96cf3b56b7633905787b673ba96ea6139f6fed93317ed3fb18b636b512d5b10

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    73KB

    MD5

    d2c0dd76e05e3ed2106089468b2d65a2

    SHA1

    642967312de7e370e19515651b6cb460bec6e87e

    SHA256

    13cd0eb0d1b9065937173ff5e79f8b5088e0690d65e60d3782a491366697d2e3

    SHA512

    8e9c96fe25347aa869797e0ceba8adf0d74ad34a76a24e4fb9eb23dfdfe521b130802e3b2c8ee303f365b2bce51e70ff7bd211645c0c20b79a7ceba5d0dfc69a

    Download Submit

  • memory/1148-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/1148-12-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1148-21-0x0000000000270000-0x0000000000272000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1148-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/1256-18-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download