Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    31/05/2024, 03:33

General

  • Target

    80a8f3debe08b3e6b66b5d56eda6bd567f932d9ab98e0c0c8fe872233493c624.exe

  • Size

    78KB

  • MD5

    7236ca618d2746c70a19783d63d23903

  • SHA1

    737a69aff0375114b0c5fee17eef3140a764ea20

  • SHA256

    80a8f3debe08b3e6b66b5d56eda6bd567f932d9ab98e0c0c8fe872233493c624

  • SHA512

    95e5a495910fc59bfdcb1808b052208fc848f03426dc0ddc5fc7e42749a89acba1c59c7dda1e797cab377f438b990e9568e4a687ec9d6fe4802d586d6a36f156

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOZ68:GhfxHNIreQm+Hiq68

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\80a8f3debe08b3e6b66b5d56eda6bd567f932d9ab98e0c0c8fe872233493c624.exe
    "C:\Users\Admin\AppData\Local\Temp\80a8f3debe08b3e6b66b5d56eda6bd567f932d9ab98e0c0c8fe872233493c624.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    74KB

    MD5

    335a7cbc4d41f0aa61206d6011ff5d69

    SHA1

    1b35c4c73a1dae3880c2fde90b4d5ba9898fb7a2

    SHA256

    a358dd979826db6bc6f568e484138c7c4adb0171d1e768184e487fc9fbc8804b

    SHA512

    a8eeef290dbcbcc71104d3770e00f7b6451bb1a8c77b373f5c9d6335887d0a33b260c9e91c0e8f8d6002f791f70380a7d00ab208db821ac7334cfb364b34cab5

  • C:\Windows\System\rundll32.exe

    Filesize

    81KB

    MD5

    4ad16804b10bd409bd8e393f92b442af

    SHA1

    8597b67ff3382b3bb28140654453524c0f233860

    SHA256

    d9414a3ad36a58ec1cb4fcd3638cb1caf4c291688534319510d34d2f025c70c2

    SHA512

    e2c531de1f60e3b5a57a9a66b7d692953cbbb2d15a1c38fe5b85c7eee91fd004693d654cab21cb0529cd6bb8578cc32501ce8dbf7298dd67c42b158b35c41f68

  • memory/656-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/656-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB