Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/06/2024, 22:29

General

  • Target

    3aa91f72d32fbf91630e82d0727ae97ac93eb73ed40a6ce519510439cd229b96.exe

  • Size

    80KB

  • MD5

    1e132db584a80b240e8e03139c38229b

  • SHA1

    2b0944f64323830f0e215e20a78e5b8ba79cf0b0

  • SHA256

    3aa91f72d32fbf91630e82d0727ae97ac93eb73ed40a6ce519510439cd229b96

  • SHA512

    904cd0c0e65d91d98b2f08f939eb66dca82a53d2c59a0f0789f2a154f6a63559af4bde856cd7cd35d9837903641d0e3ffb9043ff357f0a3dc0286b3947f26dfa

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO9crLSqQ:GhfxHNIreQm+HiicrLSqQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3aa91f72d32fbf91630e82d0727ae97ac93eb73ed40a6ce519510439cd229b96.exe
    "C:\Users\Admin\AppData\Local\Temp\3aa91f72d32fbf91630e82d0727ae97ac93eb73ed40a6ce519510439cd229b96.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1700

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    76KB

    MD5

    84c590dc8d5bbdbfe36ddacd052d8296

    SHA1

    f7dd969056e6e7eab5e93bbc6298ab39085d10d2

    SHA256

    792923e92fc5675a87cb2d84e6358939a84ce8d65f36620ebd1e6dca766b1e79

    SHA512

    f8c0b446bfa2dd936f79c114c26dd7045fbcc4450b8d42b2e396cd1257c0613fca21d79fee8e434db5a715596911d2d6c67466a09923cc6f9bdd4eeceeb1239f

  • C:\Windows\System\rundll32.exe

    Filesize

    79KB

    MD5

    c594ce3574557441b9504072d5f6e7de

    SHA1

    3cb7432f1eecd5c8d811b29aee3ad3dac329616b

    SHA256

    9d82977eefd0d6e70221f797ac6c2e5f512b002ec8ccc530778b184621e25d14

    SHA512

    d5d0df1955e79aabeb2a605677ab8a22ffad3d66f0014f92ccac374b406ac7e7853e871601fb6135da6b329ac297dd709dc53b967c9db63f75d24969c3c89519

  • memory/868-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/868-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB