Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/06/2024, 04:39

General

  • Target

    cda6cf771a14fcbb4b3ce9e5be5492d2f099061affa8b5d8a20687fd865a281f.exe

  • Size

    78KB

  • MD5

    62a9734fff3c70800eb7ebfe22c159f2

  • SHA1

    dbb793db6a0c8ff572648d00cbfd4ed3f04d379c

  • SHA256

    cda6cf771a14fcbb4b3ce9e5be5492d2f099061affa8b5d8a20687fd865a281f

  • SHA512

    6a9fc3afc31939fe9a82328b0de93ecd023556fb960386c1e987edac00efbff7d1261888d9e96f5aaaef1a3a1f3c62e24d0af363c89e198ba2d3c4233885f823

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO6wHNt:GhfxHNIreQm+HitwHNt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cda6cf771a14fcbb4b3ce9e5be5492d2f099061affa8b5d8a20687fd865a281f.exe
    "C:\Users\Admin\AppData\Local\Temp\cda6cf771a14fcbb4b3ce9e5be5492d2f099061affa8b5d8a20687fd865a281f.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    83KB

    MD5

    54422be0e266f1ebc72d94be406c180a

    SHA1

    d09a62013b355fd7e1d6241d6d05006e023514bc

    SHA256

    42b578a7dac2157601ac10c8ea72747c98720b92ad3f7321e3ee0b186bc02208

    SHA512

    833c67f64c82280bc0f10bd7ce07de00efa048f3840060e4bf98a59bd30be2f1bcde1d920b300504d89e9c593f02359df88e25da08a67ee97bb4b0c8dc2e18d6

  • \Windows\system\rundll32.exe

    Filesize

    81KB

    MD5

    3b34b2d86b06082dbef93b9084f6419d

    SHA1

    0e7007fe2efc6bea1cf0358befafc1be3aeedae6

    SHA256

    a95f62bc801f3d0dc4a59e7fbf6d96890174281b9ff8f3fe7c3cf2dd78b9f680

    SHA512

    6d53ae550a2e7128ac7ffda1cfaf4515f8a80421163f71ac4e8116e93b4fbd67f7a59bfa44137f01fcd981c47ce2f90f4fec7d2c7dc2310718b9105a84c1e7ab

  • memory/1692-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2328-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2328-18-0x00000000002E0000-0x00000000002F6000-memory.dmp

    Filesize

    88KB

  • memory/2328-17-0x00000000002E0000-0x00000000002F6000-memory.dmp

    Filesize

    88KB

  • memory/2328-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2328-22-0x00000000002E0000-0x00000000002E2000-memory.dmp

    Filesize

    8KB