Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 22:29

General

  • Target

    b912a788fd451bf4ddd1834e37e08ef81d3549b948ed0888e16a1e3faee984f1.exe

  • Size

    79KB

  • MD5

    2874966864fc9bea32cc457135b8ab8a

  • SHA1

    7e188555a5b26d09813bde4c5b400fd364079099

  • SHA256

    b912a788fd451bf4ddd1834e37e08ef81d3549b948ed0888e16a1e3faee984f1

  • SHA512

    89163ff1c3a2b0e86f60a0445723b98d25828c550d33052d92a006da9710b066e9b0887594457b6b062bfa6247658b6981b3b830c736b4ce7916c61faa2686ab

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO3Bxr7n:GhfxHNIreQm+HikBxr7n

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b912a788fd451bf4ddd1834e37e08ef81d3549b948ed0888e16a1e3faee984f1.exe
    "C:\Users\Admin\AppData\Local\Temp\b912a788fd451bf4ddd1834e37e08ef81d3549b948ed0888e16a1e3faee984f1.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2924

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    80KB

    MD5

    08a2ea182db55e78e37d68780163faa9

    SHA1

    75aee4cba63d73aef2ce233881a83c2b0fa08026

    SHA256

    1ec156a41a934672a07bbebc72b2a34900b509f8a915da1aaea726792f0293e7

    SHA512

    2dc3df90b5fc7a5142a79c699f10038890fec291ddcd330533f313ea1dacdb931392503c6696beb87d992b97b0d2c2fe6843695acb908bf4f563c40f3cade49a

  • \Windows\system\rundll32.exe

    Filesize

    78KB

    MD5

    837ff4137c0bac5dc6660c0f3e7d612b

    SHA1

    464b6ebb87b11ce6846c1d396986feaa3e34a636

    SHA256

    c9469617404df071dea75cadf4eb4111c3028e86ab8c2d7e7a95131639ff993f

    SHA512

    8e07bfdbf439859c7fcd124919859de56604585846fc3837e8a4294ca2ff0acc8065c911f7bc236fdb65e78ae65a5d242fb509b9005bf77a8cd13b3de0859fb7

  • memory/2924-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3064-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3064-12-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

  • memory/3064-18-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

  • memory/3064-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3064-22-0x0000000000270000-0x0000000000272000-memory.dmp

    Filesize

    8KB
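Detection logic for the behaviours listed under Signatures, Processes and Downloads, as an added Python example that is not part of the tria.ge report or its tooling. The SHA256 values and file paths are taken from this report; the Sysmon-style events, the parent process names, the hijacked exefile command value, and the function and class names are constructed assumptions. It flags the two things a triage analyst would check on a host: a binary named rundll32.exe running from a directory other than System32 or SysWOW64 (the real one never lives in C:\Windows\system), and any write to exefile\shell\open\command whose data is not the clean default "%1" %*, which is the registry change behind "Modifies system executable filetype association".

```python
"""Added example: checks for the behaviours in this report, run over
constructed Sysmon-style events. Hashes and paths come from the report;
the events themselves and the hijacked exefile command are assumptions."""
from dataclasses import dataclass
import ntpath

# SHA256 values listed in this report (General and Downloads sections).
KNOWN_SHA256 = {
    "b912a788fd451bf4ddd1834e37e08ef81d3549b948ed0888e16a1e3faee984f1": "submitted sample",
    "c9469617404df071dea75cadf4eb4111c3028e86ab8c2d7e7a95131639ff993f": r"\Windows\system\rundll32.exe (dropped)",
    "1ec156a41a934672a07bbebc72b2a34900b509f8a915da1aaea726792f0293e7": r"C:\Windows\SysWOW64\notepad*.exe (dropped; name garbled in report)",
}

# Directories the genuine rundll32.exe is loaded from; C:\Windows\system is not one of them.
LEGIT_RUNDLL32_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Clean default for HKCR\exefile\shell\open\command; anything else wraps every .exe launch.
EXEFILE_DEFAULT = '"%1" %*'


@dataclass
class Event:
    """Minimal Sysmon-like record: EventID 1 (process) or EventID 13 (registry value set). Assumed shape."""
    kind: str            # "process" or "registry"
    image: str = ""      # process: full path of the started image
    sha256: str = ""     # process: hash of that image, lowercase hex
    parent: str = ""     # process: parent image path
    key: str = ""        # registry: full path of the value written
    data: str = ""       # registry: the data written


def check_process(ev: Event) -> list[str]:
    """Flag rundll32.exe lookalikes outside the system directories and hashes known from the report."""
    findings = []
    if ev.kind != "process":
        return findings
    name = ntpath.basename(ev.image).lower()
    directory = ntpath.dirname(ev.image).lower()
    if name == "rundll32.exe" and directory not in LEGIT_RUNDLL32_DIRS:
        findings.append(f"rundll32.exe outside System32/SysWOW64: {ev.image} (parent {ev.parent})")
    label = KNOWN_SHA256.get(ev.sha256.lower())
    if label:
        findings.append(f"known hash from report ({label}): {ev.sha256}")
    return findings


def check_registry(ev: Event) -> list[str]:
    """Flag any non-default exefile open command; matches HKCR\\exefile\\... and HKLM\\SOFTWARE\\Classes\\exefile\\..."""
    if ev.kind != "registry":
        return []
    if r"\exefile\shell\open\command" in ev.key.lower() and ev.data.strip().lower() != EXEFILE_DEFAULT.lower():
        return [f"exefile association hijacked: {ev.key} -> {ev.data}"]
    return []


def scan(events: list[Event]) -> list[str]:
    out = []
    for ev in events:
        out.extend(check_process(ev))
        out.extend(check_registry(ev))
    return out


# Constructed events modelled on the process tree above; the registry data is an assumed hijack value.
SAMPLE_EVENTS = [
    Event("process",
          image=r"C:\Users\Admin\AppData\Local\Temp\b912a788fd451bf4ddd1834e37e08ef81d3549b948ed0888e16a1e3faee984f1.exe",
          sha256="b912a788fd451bf4ddd1834e37e08ef81d3549b948ed0888e16a1e3faee984f1",
          parent=r"C:\Windows\explorer.exe"),
    Event("process",
          image=r"C:\Windows\system\rundll32.exe",
          sha256="c9469617404df071dea75cadf4eb4111c3028e86ab8c2d7e7a95131639ff993f",
          parent=r"C:\Users\Admin\AppData\Local\Temp\b912a788fd451bf4ddd1834e37e08ef81d3549b948ed0888e16a1e3faee984f1.exe"),
    # Legitimate rundll32.exe from System32: must not fire.
    Event("process", image=r"C:\Windows\System32\rundll32.exe", parent=r"C:\Windows\explorer.exe"),
    Event("registry", key=r"HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)",
          data=r'"C:\Windows\system\rundll32.exe" "%1" %*'),
    # Clean default value: must not fire.
    Event("registry", key=r"HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)", data='"%1" %*'),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The registry check deliberately compares against the clean default rather than looking for a specific malicious value, because the report shows that the association was modified but not what it was set to; on a real host the same comparison is worth running against both HKCR\exefile\shell\open\command and the HKLM\SOFTWARE\Classes copy, since a wrapper installed there is executed for every .exe the user launches and will survive deletion of the sample alone.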