Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 22:29

General

  • Target

    cf03ea4c076c8ed7a44667f26ee57b135bf65acb50f48f3b574f61b2eb1a49cb.exe

  • Size

    75KB

  • MD5

    12460fe4258ab1ba4c2b77cb943eacd8

  • SHA1

    0d40cc2d28bd0febf065d10e3a6646cbefb05c9c

  • SHA256

    cf03ea4c076c8ed7a44667f26ee57b135bf65acb50f48f3b574f61b2eb1a49cb

  • SHA512

    603476131ce5422488ebf4d588219dd5a22efcd18d20b66bf676caf8a6d36fbbdbc0c47e42d57b345c65d56aafe50f0b999707b6784a4e5bf8aa2907a3de2c5c

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOvAI:GhfxHNIreQm+HiUAI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf03ea4c076c8ed7a44667f26ee57b135bf65acb50f48f3b574f61b2eb1a49cb.exe
    "C:\Users\Admin\AppData\Local\Temp\cf03ea4c076c8ed7a44667f26ee57b135bf65acb50f48f3b574f61b2eb1a49cb.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4368
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2116

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    86KB

    MD5

    7a0bedee251abcd48348aaee42113de0

    SHA1

    f4aacbf995c3616da4952683b51c2c89cf6456ed

    SHA256

    cfab936d7b22263e1db52c4fd936838ee97c2768378c61554926756af1fd0231

    SHA512

    9871154bf2da2b2fa7af99d277609de3f419a75fc1017ce1861933dbdc8ec435272c24c92d6d4757ab94bed3880976019beed8e308bfeb2eae8e1affb13ff2bd

  • C:\Windows\System\rundll32.exe

    Filesize

    74KB

    MD5

    dbb1d726b8b525c826a83cce48b8492a

    SHA1

    8a88983139910bcaeb59267c3051c181a5b90791

    SHA256

    73f740f384b0d9340cc53eed9712290d0824c2cc3db3d2122f00e5402a3ce02b

    SHA512

    1e028c34199e519fa09b53dba863c47f8499319152d118052b40b214b7ea43a2b5d81be9f821fcce8958be58d2af79df48e1a0b087ef01c22561432b75b464bd

  • memory/2116-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4368-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4368-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
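The report above gives three host-level indicators worth checking outside the sandbox: a rundll32.exe written to C:\Windows\System (the genuine binary lives only in System32 and SysWOW64), a notepad*.exe dropped into SysWOW64, and the "Modifies system executable filetype association" signature raised by both processes. The following PowerShell script is an added host-triage check written for this page; it is not code from Triage or from the sample's author. It copies the SHA256 values from the General and Downloads sections. Assumptions, also marked in the code: that the association signature refers to the exefile open command, whose clean Windows 10 value is `"%1" %*`; and that only the `notepad` prefix of the dropped file name survived extraction, so the match is on that prefix. Run it in an elevated shell.

```powershell
# Added host-triage script for the indicators in this Triage report (not Triage's own code).

# SHA256 values copied from the report's General and Downloads sections.
$KnownBadSha256 = @{
    'cf03ea4c076c8ed7a44667f26ee57b135bf65acb50f48f3b574f61b2eb1a49cb' = 'submitted sample (75KB)'
    'cfab936d7b22263e1db52c4fd936838ee97c2768378c61554926756af1fd0231' = 'dropped SysWOW64\notepad*.exe (86KB)'
    '73f740f384b0d9340cc53eed9712290d0824c2cc3db3d2122f00e5402a3ce02b' = 'dropped Windows\System\rundll32.exe (74KB)'
}

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Check, [string]$Path, [string]$Detail, [bool]$KnownBad) {
    $findings.Add([pscustomobject]@{ Check = $Check; Path = $Path; Detail = $Detail; KnownBad = $KnownBad })
}

function Test-KnownBadFile([string]$Path, [string]$Check) {
    # Hash the file and compare against the report's SHA256 list.
    $h = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $bad = $KnownBadSha256.ContainsKey($h)
    $detail = if ($bad) { "matches report: $($KnownBadSha256[$h])" } else { "sha256 $h (not in report)" }
    Add-Finding $Check $Path $detail $bad
}

# 1. Dropped executable. The report shows rundll32.exe written to C:\Windows\System.
#    The genuine rundll32.exe lives in System32 and SysWOW64; C:\Windows\System is a
#    legacy directory, so a rundll32.exe there is suspicious even if the hash differs.
$dropped = Join-Path $env:SystemRoot 'System\rundll32.exe'
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    Test-KnownBadFile -Path $dropped -Check 'DroppedRundll32'
}

# 2. notepad*.exe in SysWOW64. The report's file name contains non-ASCII characters
#    that did not survive extraction, so (assumption) only the 'notepad' prefix is matched.
$sysWow = Join-Path $env:SystemRoot 'SysWOW64'
Get-ChildItem -LiteralPath $sysWow -Filter 'notepad*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'notepad.exe' } |
    ForEach-Object { Test-KnownBadFile -Path $_.FullName -Check 'SysWOW64Notepad' }

# 3. Executable file-type association. The signature "Modifies system executable
#    filetype association" is assumed here to mean the exefile open command. A clean
#    Windows 10 value is  "%1" %*  ; anything else routes every .exe launch through a
#    wrapper. HKCU\Software\Classes overrides HKLM for the current user, so check both.
$assocPaths = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
)
foreach ($p in $assocPaths) {
    $key = Get-Item -Path $p -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }   # an absent HKCU override is the normal case
    $cmd = $key.GetValue('')
    if ($cmd -ne '"%1" %*') {
        Add-Finding 'ExeAssociation' $p "open command is: $cmd" $true
    }
}

if ($findings.Count -eq 0) {
    'No indicators from this report found on this host.'
} else {
    $findings | Format-Table -AutoSize
}
```

Two caveats. A hash mismatch on a file at one of these paths is still a finding: the sample is a dropper, and a re-built or re-infected payload will hash differently while keeping the same location. And an exefile open command other than `"%1" %*` should be verified before it is repaired, since some legitimate tools register a wrapper there; if it is malicious, restoring the value without first removing the dropped binaries leaves the persistence mechanism intact.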