Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/05/2024, 04:36

General

  • Target

    654e905745a48a3b797e31ccfb4ad6fd5b2988529e03f9813a8d0698b419244a.exe

  • Size

    77KB

  • MD5

    65b5c90bda5728c91cb427bff02b5a27

  • SHA1

    f6e1cc9814a6df84cc1870e8b661ec3f4abe4484

  • SHA256

    654e905745a48a3b797e31ccfb4ad6fd5b2988529e03f9813a8d0698b419244a

  • SHA512

    12b839f8f5672e5602af317b029d1a9d4289af698d2f357f0cebb3b412206198cf9eeaa4fec2a59f0f9249a5b4be776d379befe92b639974393e5ec9c0a92196

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOyP2B:GhfxHNIreQm+HixP2B

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\654e905745a48a3b797e31ccfb4ad6fd5b2988529e03f9813a8d0698b419244a.exe
    "C:\Users\Admin\AppData\Local\Temp\654e905745a48a3b797e31ccfb4ad6fd5b2988529e03f9813a8d0698b419244a.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    75KB

    MD5

    d1363978bf216165c293365dcd656dc2

    SHA1

    259883947380fc7235fbda06fb08455b97cbb2a5

    SHA256

    f474fdfd181e9aed1f765dabdb20e680aaf5395b3c35dcbde16945683b0b63d7

    SHA512

    7b397202c4566bf0b0486e5c219ceb0208983d28f58fd1a763993ae6425b4a8c83c2b682e49f3ca670957589eeddb8927cf674d3acf27f9884d8063a091c2cd8

  • \Windows\system\rundll32.exe

    Filesize

    81KB

    MD5

    9d617daf9a1016e98be0b591cef49162

    SHA1

    bf5163796934212a73fb15544f2f6637393385e2

    SHA256

    eaf80e0058068ca1c6c15c2dc302e450961cb4621be5d974132ceef076491e3f

    SHA512

    2a1b702eff0bd1c7e84cfb5555d78e28b7329027116383502e8bc783b41af1588ee9ab0e4d92aa4e6f82082749575261d3d780a4f0b49435c5b2f16954b7c25f

  • memory/1860-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1860-12-0x0000000000360000-0x0000000000376000-memory.dmp

    Filesize

    88KB

  • memory/1860-16-0x0000000000360000-0x0000000000376000-memory.dmp

    Filesize

    88KB

  • memory/1860-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1860-22-0x0000000000360000-0x0000000000362000-memory.dmp

    Filesize

    8KB

  • memory/2548-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB