Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240508-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    10/06/2024, 06:47 UTC

General

  • Target

    d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa.exe

  • Size

    74KB

  • MD5

    9afab35e020ddd49577409ba12890c68

  • SHA1

    efd7465f4da610804160f7a8314c6661d1199d36

  • SHA256

    d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa

  • SHA512

    db64c83f352843af0b198d5de529a888197fce7e7d515ce1795c1d31fdcdd125f1d2dd8a137673951abeb21d1cbb7113595f4116f894e8f5bf8b4dcd9402af45

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOCab:GhfxHNIreQm+Hipab

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa.exe
    "C:\Users\Admin\AppData\Local\Temp\d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2304

Network

  • DNS query by rundll32.exe to 8.8.8.8:53
    Request
    www.zigui.org IN A
    Response
    www.zigui.org IN A 103.251.237.123
  • 103.251.237.123:80 (www.zigui.org) from rundll32.exe
    sent: 152 B in 3 packets (no received bytes or packets listed)
  • 8.8.8.8:53 (www.zigui.org, dns) from rundll32.exe
    sent: 59 B in 1 packet; received: 75 B in 1 packet
    DNS Request
    www.zigui.org
    DNS Response
    103.251.237.123

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    77KB

    MD5

    18123af2f265dc0b4e513024da9506de

    SHA1

    33958a3749f6e18d1d9bbd18f4b72f93511c1428

    SHA256

    14d9b1dc02e39a2603bfe8103e1748fb0609c8034095275299b333313e38c9d6

    SHA512

    7b8d9095c127c84cb81b3f35ee3785d53624f9536407d519aaa13606a89867e85419485ad85218d90e0d0e4457e3802e6e8b169a6d4f1489c8758ba9d7f16588

  • \Windows\system\rundll32.exe

    Filesize

    78KB

    MD5

    63bdfa5e3ccd2384933065bcd488455e

    SHA1

    dae1432e26035a0ebbe9a2e8338a8bfe39de93a8

    SHA256

    bc26b20588bc264db5451b1ce63941b901563452a3a2c25c841371afbba87970

    SHA512

    451d5987183b3686f5c90e2bdcf96eaae8e7e1fbbd53583be2d2206625811303a0a791e744e34d2f609e45ab3f8ed93b8a2ed71a1b1a538e75de06e0d48d6c16

  • memory/1612-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1612-15-0x00000000002E0000-0x00000000002F6000-memory.dmp

    Filesize

    88KB

  • memory/1612-17-0x00000000002E0000-0x00000000002F6000-memory.dmp

    Filesize

    88KB

  • memory/1612-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1612-22-0x00000000002E0000-0x00000000002E2000-memory.dmp

    Filesize

    8KB

  • memory/2304-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
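As an added host-hunt example (it is not part of the tria.ge report and not code from the sample), the PowerShell below turns the behaviours flagged above into checks on a suspect host: the exefile association (the signature "Modifies system executable filetype association" is what ATT&CK calls T1546.001, Change Default File Association), presence and SHA256 of the two dropped files, a running rundll32.exe whose image is outside System32 or SysWOW64 (the only two places the real one lives), and the resolver cache for www.zigui.org / 103.251.237.123. The paths, hashes, domain and IP are copied from this report; the expected association value "%1" %* is the Windows default; the notepad file name is reproduced exactly as the report renders it, which may itself be a mis-rendering of the original bytes; the dropped-file paths assume the system drive is C: as in the sandbox.

```powershell
# Added host-hunt example for the indicators in this report (not tria.ge code).
# Assumptions, labelled: dropped-file paths, SHA256 values, domain and IP are
# copied from the report; the exefile default of "%1" %* is standard Windows;
# the notepad file name contains the characters exactly as the report renders
# them, so save this script as UTF-8 with BOM for PowerShell 5.1.
# Run from an elevated session. Get-DnsClientCache needs Windows 8 / Server 2012
# or later; on Windows 7 the ipconfig fallback below is used instead.

$DroppedFiles = @{
    'C:\Windows\system\rundll32.exe'    = 'bc26b20588bc264db5451b1ce63941b901563452a3a2c25c841371afbba87970'
    'C:\Windows\SysWOW64\notepad¢¬.exe' = '14d9b1dc02e39a2603bfe8103e1748fb0609c8034095275299b333313e38c9d6'
}
$C2Domain = 'www.zigui.org'
$C2Ip     = '103.251.237.123'

function Invoke-ReportIocHunt {
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. "Modifies system executable filetype association": a clean exefile open
    #    command is exactly "%1" %*. Anything else (typically a dropped binary
    #    placed in front of %1) runs the malware every time an .exe is launched.
    #    HKCU\Software\Classes overrides HKLM, so check both views.
    $assocKeys = @(
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command',
        'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
    )
    foreach ($key in $assocKeys) {
        $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if ($null -ne $cmd -and $cmd -ne '"%1" %*') {
            $findings.Add("exefile association hijacked at $key -> $cmd")
        }
    }

    # 2. Dropped files: the real rundll32.exe lives in System32 / SysWOW64, so a
    #    copy under C:\Windows\system is a masquerade whatever its hash. The
    #    SHA256 comparison tells this exact sample from a variant.
    foreach ($path in $DroppedFiles.Keys) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLowerInvariant()
            $verdict = if ($hash -eq $DroppedFiles[$path]) { 'SHA256 matches report' } else { "SHA256 $hash differs from report" }
            $findings.Add("dropped file present: $path ($verdict)")
        }
    }

    # 3. A live rundll32.exe whose image is outside the two legitimate directories.
    #    $env:SystemRoot is used here so the check is not tied to drive C:.
    $sysRoot = [regex]::Escape($env:SystemRoot)
    Get-Process -Name rundll32 -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and $_.Path -notmatch "^$sysRoot\\(System32|SysWOW64)\\rundll32\.exe$" } |
        ForEach-Object { $findings.Add("rundll32.exe running from unexpected path: $($_.Path) (PID $($_.Id))") }

    # 4. Resolver cache evidence of the contact seen in the sandbox.
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        Get-DnsClientCache -ErrorAction SilentlyContinue |
            Where-Object { $_.Entry -eq $C2Domain -or $_.Data -eq $C2Ip } |
            ForEach-Object { $findings.Add("DNS cache: $($_.Entry) -> $($_.Data)") }
    } elseif (ipconfig /displaydns | Select-String -SimpleMatch $C2Domain, $C2Ip) {
        $findings.Add("DNS cache (ipconfig): entry for $C2Domain or $C2Ip present")
    }

    return $findings
}

$result = @(Invoke-ReportIocHunt)
if ($result.Count -eq 0) { 'No indicators from this report found on the host.' } else { $result }
```

Treat hits as leads, not verdicts: the association check fires on any non-default exefile handler (some legitimate tools set one), and a rundll32.exe outside System32/SysWOW64 is suspicious regardless of whether its hash matches, since a repacked variant of the same dropper would differ in every hash above. The ssdeep value in the report is what to compare in that case.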
