Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fb2a529cdc...04.exe

windows7-x64

7

fb2a529cdc...04.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/06/2024, 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb2a529cdc5b906d5145b015e2d6e5fc1191b8da5a0a2f56786e6824ada19504.exe

  • Size

    82KB

  • MD5

    d1b3dcad86a122f2f0f72198bec7b8e6

  • SHA1

    f6f4d5206d815abee8d95f75aff239465107bfa8

  • SHA256

    fb2a529cdc5b906d5145b015e2d6e5fc1191b8da5a0a2f56786e6824ada19504

  • SHA512

    31909d3962390688220434f72d7794826fbd3d26602630957cb9a05adc107e3f5b9fdca1bd51e79f0861d01644dfe2578bf2d91b75cdb8d5ade0082bab0fa180

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOXeMwY:GhfxHNIreQm+HiueMwY

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb2a529cdc5b906d5145b015e2d6e5fc1191b8da5a0a2f56786e6824ada19504.exe
    "C:\Users\Admin\AppData\Local\Temp\fb2a529cdc5b906d5145b015e2d6e5fc1191b8da5a0a2f56786e6824ada19504.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3568
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    77KB

    MD5

    ce172635c50140a866b9151a142138c7

    SHA1

    4ca1102c2f9808c62c5f1747600b24bafedcfc95

    SHA256

    91a687ba44d1aa538607c77adc14a95648ee5ca3cb057ff2c1418cd3250a27c7

    SHA512

    89a0d1fbe112f511e4fb782dc9c10d08ce4b0afbd918e39723a699117c4670fc61f10da4e2df2a434690c2fb797a1dd2bca159003f3337e5066f4f3e0817bb1e

    Download Submit

  • C:\Windows\System\rundll32.exe
    Filesize

    78KB

    MD5

    ac66d67c777b542a1bd01f9ed4e51c22

    SHA1

    b87ffeea1ed29e045202cc876e11d6553e13374f

    SHA256

    2108cf7c6184f78c126281cc2269d8d24897aaea36d32cb79aa797b76ee7d42c

    SHA512

    3465863430234a751dedf76277a22413609e874e583a2c8fd6c5b700e1f626ca4f1c30fb4d7d7ec41d7abfaad9e2093fdb176d8d882c5884c170edf825d26567

    Download Submit

  • memory/3568-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/3568-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download