Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

accb294d43...80.exe

windows7-x64

7

accb294d43...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    accb294d4398085d1913df4b8f0641e425a3d1816ae16c21cb9fc636c488fe80.exe

  • Size

    79KB

  • MD5

    1c735fc28f2cfcca56d4767c443493d9

  • SHA1

    0fe1407d0e0937b8fc4154c6ec87e76e92c86c81

  • SHA256

    accb294d4398085d1913df4b8f0641e425a3d1816ae16c21cb9fc636c488fe80

  • SHA512

    4d3c7b6d8015afa9a59607281bfb58b65a48db61a29ded74e6330fa8ac3db0dc42e1826d31275f79c7d348019fdd56376fc3803a707076de52c2619a3e450962

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOptkz:GhfxHNIreQm+Hi2tkz

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\accb294d4398085d1913df4b8f0641e425a3d1816ae16c21cb9fc636c488fe80.exe
    "C:\Users\Admin\AppData\Local\Temp\accb294d4398085d1913df4b8f0641e425a3d1816ae16c21cb9fc636c488fe80.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3300
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    84KB

    MD5

    4a649a795150fab2def5a23176925aea

    SHA1

    17076b905fff5a6506ff5ce821c4c1a25a094c4c

    SHA256

    0e3ebbc93c959a0f5ade0524076ede0c3109a747d569d94f652f17e0c1b9ecf5

    SHA512

    acfd6c18e92221ba8a72cb7524eb2b6c8bf97beed2fb5bb0417e82ba2b1d8613dc084cdfa9404c5834a53e0a7d8c7812af912e6551e5dbb1669743ff7f8e412a

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    80KB

    MD5

    f0eb5e3a2a47fc87bc1d598dccfc02e7

    SHA1

    4c2cb3ed79bb60b423afdb2d3ce367f2a47d4da0

    SHA256

    9dc2449b753b32f544cb4fef0d092890185e46ee7faa9c230a336f06a7e71064

    SHA512

    f840a287e2eebf4966f2a4de6a5e12c99620601b47d3b7c000678e2d479ff79a532248f26818d3113dc91700568441fdc86217dead535e38abbcdb9f4f7f89b7

    Download Submit

  • memory/3300-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/3300-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download