Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
10/06/2024, 14:33
General
-
Target
8bc4d01bf47a0e222d92548ec35a7adfae3c1a093fc81658e0046f2913c027a0.exe
-
Size
65KB
-
MD5
b737cc24c87f8c3668fa7790e294a298
-
SHA1
c2602aad84e8de707bab357d7eef482bb5df66db
-
SHA256
8bc4d01bf47a0e222d92548ec35a7adfae3c1a093fc81658e0046f2913c027a0
-
SHA512
72c2f03013759a09dd37446d7cc185eefa70719cad213471e37e2feb86f2a43eaceefc7a58061d778d1c02fa3181cadb445b3d80f9ea5d71137b2976eaf9137d
-
SSDEEP
1536:ECq3yRuqrI01eArdW/O7JnI2e13XiLij40MkTUVqa/OuU:7WNqkOJWmo1HpM0MkTUmuU
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 2 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
-
Modifies Installed Components in the registry 2 TTPs 8 IoCs
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 8 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Drops file in Windows directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 28 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8bc4d01bf47a0e222d92548ec35a7adfae3c1a093fc81658e0046f2913c027a0.exe"C:\Users\Admin\AppData\Local\Temp\8bc4d01bf47a0e222d92548ec35a7adfae3c1a093fc81658e0046f2913c027a0.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe2⤵
- Modifies WinLogon for persistence
- Modifies visiblity of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\system\svchost.exec:\windows\system\svchost.exe4⤵
- Modifies WinLogon for persistence
- Modifies visiblity of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe PR5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\at.exeat 14:35 /interactive /every:M,T,W,Th,F,S,Su c:\windows\system\svchost.exe5⤵
-
-
C:\Windows\SysWOW64\at.exeat 14:36 /interactive /every:M,T,W,Th,F,S,Su c:\windows\system\svchost.exe5⤵
-
-
C:\Windows\SysWOW64\at.exeat 14:37 /interactive /every:M,T,W,Th,F,S,Su c:\windows\system\svchost.exe5⤵
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
65KB
MD56688944cc4d6771d943e23b2c8137cf3
SHA1912b5668882e2c150a88293649a01cf5595356bb
SHA2566b25b800070d28045204cfaa78d30f98e4b9cc865272b164e094d9d6ec3b8676
SHA5120ebf776ab521394961aee65eda0d921621a262286951401e3626e7bec99128c0ec125cecfc7e7fb7ea4f37d32e3b2bfbd06c6ebbb0e7453393ac2bfd4a0b9e2f
-
Filesize
65KB
MD5da6158da4dc9e6cfdf74e99cbe598111
SHA170407a0caf6a6f1e496a863d8e79d5ee2ae9cbab
SHA25612be00aedefef3c75ec9c62168828cf9604d459ad985f3b6e9bebb8941345c84
SHA512f8988c17e2e6f6f10e3a70b2374efe35c1b4d2187b7fed68eca9aeb9532eacb7dd17b25fff6160265b18c8eb79b6aaf0dc1510d3074709c446afa1662c58147f
-
Filesize
65KB
MD5b55b2b835a36756d259978b34b0ad5f4
SHA19b7057f5e83906a391d4fadfa7c427200367789d
SHA256b8538fc4beb3f23081adb5b80be4c29f0fb6cb5994a78c5ef5eb9aca3c8a1584
SHA512e7373f0ab7ba0c4255188eebde063493df382bf9ad7b0062cd52a346654b3547b4710bcd92eb3a39a9a34b6fac1ac4807210109b6cd3a5ad753aba150743e428
-
Filesize
65KB
MD5642ec0455fd9aa637239a89e6d85cef6
SHA1035378b8d7e6582ecfaa52656670787e3c586a10
SHA2560a5912b713e2d83bc9707d42d7f3ea43bbc8897db54d54367dd575fe2d5811a6
SHA512b07ca3b4c13e84faa820d3792628ea162a3df79cf48cc00c07f4a01b3772c973f1bc1b4e4baf9b31d9222981efd19454ca4772182734f84af0035e98411381fc
-
Filesize
196KB
-
Filesize
180KB
-
Filesize
16KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
180KB
-
Filesize
196KB
-
Filesize
1.3MB
-
Filesize
196KB
-
Filesize
16KB
-
Filesize
180KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
1.3MB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
1.3MB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
1.3MB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
1.3MB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB