Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 04:39

General

  • Target

    cda6cf771a14fcbb4b3ce9e5be5492d2f099061affa8b5d8a20687fd865a281f.exe

  • Size

    78KB

  • MD5

    62a9734fff3c70800eb7ebfe22c159f2

  • SHA1

    dbb793db6a0c8ff572648d00cbfd4ed3f04d379c

  • SHA256

    cda6cf771a14fcbb4b3ce9e5be5492d2f099061affa8b5d8a20687fd865a281f

  • SHA512

    6a9fc3afc31939fe9a82328b0de93ecd023556fb960386c1e987edac00efbff7d1261888d9e96f5aaaef1a3a1f3c62e24d0af363c89e198ba2d3c4233885f823

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO6wHNt:GhfxHNIreQm+HitwHNt

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cda6cf771a14fcbb4b3ce9e5be5492d2f099061affa8b5d8a20687fd865a281f.exe
    "C:\Users\Admin\AppData\Local\Temp\cda6cf771a14fcbb4b3ce9e5be5492d2f099061affa8b5d8a20687fd865a281f.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4376
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3468
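
The two behaviours in the process tree above that a responder would verify on a host are the rewritten .exe file association and the rundll32.exe copy dropped into C:\Windows\System (the genuine binary lives only in System32 and SysWOW64). The Python below is an added example, not part of the Triage report or of the sample: it parses a `reg export` of the exefile open-handler key, flags a handler that is not the Windows default, and flags system binary names found outside their genuine directories. The two registry exports in it are constructed sample data; the report does not show the exact value this sample wrote.

```python
r"""Triage checks for the two behaviours the report flags: a rewritten .exe
file association and a copy of rundll32.exe dropped outside System32.
The registry exports below are constructed sample data, not from the report."""
import re
from pathlib import PureWindowsPath

# Default Windows handler for the exefile class: run the file itself.
EXPECTED_EXE_COMMAND = '"%1" %*'

# Where the genuine copies of these system binaries live (lower-case).
# C:\Windows\System is a legacy 16-bit directory and holds neither of them.
GENUINE_LOCATIONS = {
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "notepad.exe": {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Constructed: what `reg export HKCR\exefile\shell\open\command` could look
# like after a hijack that routes every .exe launch through the dropped file.
HIJACKED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\System\\rundll32.exe \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

# Constructed: the same key on a clean system.
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''


def _unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the string values of a .reg
    export. '@' is the key's default value; non-string types are skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            current = key.group(1)
            keys[current] = {}
            continue
        val = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=("(?:[^"\\]|\\.)*")', line)
        if val and current is not None:
            name = "@" if val.group(1) == "@" else _unescape(val.group(1)[1:-1])
            keys[current][name] = _unescape(val.group(2)[1:-1])
    return keys


def exe_association_hijacked(keys):
    r"""Return the foreign command installed as the .exe open handler under
    ...\exefile\shell\open\command, or None when it is the Windows default."""
    for path, values in keys.items():
        if path.lower().endswith(r"\exefile\shell\open\command"):
            cmd = values.get("@", "").strip()
            if cmd != EXPECTED_EXE_COMMAND:
                return cmd
    return None


def masquerading_system_binary(path):
    r"""True when a tracked system binary name sits in a directory where
    Windows never installs it, e.g. C:\Windows\System\rundll32.exe."""
    p = PureWindowsPath(path)
    allowed = GENUINE_LOCATIONS.get(p.name.lower())
    if allowed is None:
        return False  # not a name we track
    return str(p.parent).lower() not in allowed


def triage(reg_text, dropped_paths):
    """Combine both checks into a list of findings for a report."""
    findings = []
    cmd = exe_association_hijacked(parse_reg_export(reg_text))
    if cmd is not None:
        findings.append(f"exefile handler hijacked: {cmd}")
    for path in dropped_paths:
        if masquerading_system_binary(path):
            findings.append(f"system binary outside its genuine directory: {path}")
    return findings


if __name__ == "__main__":
    for line in triage(HIJACKED_EXPORT, [r"C:\Windows\System\rundll32.exe"]):
        print(line)
```

On a live host, export the key with `reg export HKCR\exefile\shell\open\command exefile.reg` and feed the file's text to `triage` together with the paths listed under Downloads; a hijacked handler has to be repaired before any .exe is launched, otherwise each launch re-runs the dropped binary.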

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    79KB

    MD5

    cf368ba2a4708ecbfb7b8facdbad135d

    SHA1

    500eb1209d60f7978849593386d17f972125686b

    SHA256

    1bb047d3e774d8a87c13af144e55cefcecd5bb24b699190f002a02130ada3079

    SHA512

    52fb9b6199959fd4b1d9a8b37e35c6138fc7d3e1535517acd7440d78cba9ca9f6f6f0d84165ac8783264783f3c0f4122d58e35fc9ff575882600382b7c5694e7

  • C:\Windows\System\rundll32.exe

    Filesize

    74KB

    MD5

    61f78a1e84a0aaec9bca22e6573e7026

    SHA1

    a8df3b9a3734673455d6536f94278e3c8f6546d8

    SHA256

    df8465e00005548118b1834b7966553905fa0a4f85420030807ec381cb705006

    SHA512

    25188741d2b6144904d061871cce45f3cc6cc11e8175a122486314e623c950630d5f630fbd263f136993e2b127a92d297fdbea00e6be94276359fdd276338dc3

  • memory/4376-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4376-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB