Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/06/2024, 03:33

General

  • Target
    23cbbbb8526f67de37a25f98dabcc16363ae9357dbf3f7a0d50be56636ce1f2d.exe
  • Size
    82KB
  • MD5
    40e0a772bc2eb44acb5663f9094c8f3d
  • SHA1
    67ffa2a2dc0ce31349db69288fb507581218ab46
  • SHA256
    23cbbbb8526f67de37a25f98dabcc16363ae9357dbf3f7a0d50be56636ce1f2d
  • SHA512
    966b4674b31f0b8e86ea8fc5ced01276db70d98349ec657e8ab10a3eb65fc2b46246d51790778e0fdeda8b143fe60bf95b393012b9b8856488cf5d277aaf2b71
  • SSDEEP
    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOGcWpd:GhfxHNIreQm+HilcWpd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23cbbbb8526f67de37a25f98dabcc16363ae9357dbf3f7a0d50be56636ce1f2d.exe
    "C:\Users\Admin\AppData\Local\Temp\23cbbbb8526f67de37a25f98dabcc16363ae9357dbf3f7a0d50be56636ce1f2d.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1216

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize: 80KB
    MD5: 2a19e0e7b97b929eaaa071c376c4712d
    SHA1: f7abd750429214d96669e9058290bba0d5e67003
    SHA256: 4a596db8efd1f28b9a698ebc3d832ffb20725c33d179a816a7415f866e155393
    SHA512: 4a0378d30b7a3baa0cb85f0ccb3b851ec033a90f679a8f8cb76fb4a2b4106b5c2f17d9205185aede5735ba5108594f28be3f5a059d1c087cae4d3155432f480a

  • \Windows\system\rundll32.exe
    Filesize: 75KB
    MD5: 483c0e840365af211ac3788304f4d2b8
    SHA1: e97624193c48ca7289adcee9cef790ef39631b7a
    SHA256: 5c5b6220461cab3a60f8ce6ed58f43c5d86df3e01d89031696f2a83da9cca1c3
    SHA512: 70dbaea8556a9c84ff362e0f9fb8ba817ad08ef7feee4b52415957c4cf32b6a3a35979f3ee12101fa22ca637293bdaad79bc1ad55b35f8e1b1441ef56676a67a

  • memory/1992-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/1992-17-0x00000000001F0000-0x0000000000206000-memory.dmp
    Filesize: 88KB

  • memory/1992-16-0x00000000001F0000-0x0000000000206000-memory.dmp
    Filesize: 88KB

  • memory/1992-20-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/1992-21-0x00000000001F0000-0x00000000001F2000-memory.dmp
    Filesize: 8KB