Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    13/06/2024, 04:39

General

  • Target

    57fddb1bef42e33ccee7e8d36af892b8635900cbd447748f4423ce013cf14fbb.exe

  • Size

    73KB

  • MD5

    e7d52959a61057093f2170bef8952832

  • SHA1

    7bee65ed9e8ab33e24f640efc150d4126aa6a80e

  • SHA256

    57fddb1bef42e33ccee7e8d36af892b8635900cbd447748f4423ce013cf14fbb

  • SHA512

    d1924da35735aa9f45a6162deed6fd0fe52ccb130326197a163f042a82176dc4d8bb39e8dbeec69543c807a062554cde5f73d8a8f5220e3430a25e0dd25826e5

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO:RshfSWHHNvoLqNwDDGw02eQmh0HjWO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57fddb1bef42e33ccee7e8d36af892b8635900cbd447748f4423ce013cf14fbb.exe
    "C:\Users\Admin\AppData\Local\Temp\57fddb1bef42e33ccee7e8d36af892b8635900cbd447748f4423ce013cf14fbb.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:112
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2908
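Two of the signatures in this tree are cheap to check programmatically on any host or sandbox export: a file named rundll32.exe executing from C:\Windows\system instead of System32/SysWOW64 (a path masquerade), and a change to the .exe file-type association. The following is an added Python example and not part of the Triage report; the process paths are taken from the report above, while the registry value and the assumption that the modified association is HKCR\exefile\shell\open\command are hypothetical, since the report does not show the written values.

```python
"""Checks for two behaviours flagged in the report: a binary named like a
Windows system executable running from the wrong directory (or with a
look-alike name), and a hijacked .exe file-type association.
The process paths below come from the report; the registry command value is
a constructed, hypothetical sample."""
import ntpath
import re

# Where genuine copies of these binaries live on a stock Windows install.
LEGIT_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# System binary names that malware commonly borrows; extend as needed.
SYSTEM_BINARY_NAMES = {"rundll32.exe", "notepad.exe", "svchost.exe", "explorer.exe"}

# Stock (Default) value of HKCR\exefile\shell\open\command.
CLEAN_EXEFILE_COMMAND = '"%1" %*'


def _normalize(path: str) -> str:
    # Drop quoting from a command line and fold case for comparison.
    return path.strip().strip('"').lower()


def _printable_ascii(name: str) -> str:
    # Remove anything outside printable ASCII so "notepad¢¬.exe" -> "notepad.exe".
    return re.sub(r"[^\x20-\x7e]", "", name)


def classify_image(image_path: str):
    """Return a reason string when the image path looks like a masquerade,
    otherwise None."""
    directory, name = ntpath.split(_normalize(image_path))
    if name in SYSTEM_BINARY_NAMES:
        if directory not in LEGIT_SYSTEM_DIRS:
            return "system binary name outside System32/SysWOW64"
        return None
    if _printable_ascii(name) in SYSTEM_BINARY_NAMES:
        return "look-alike name padded with non-ASCII characters"
    return None


def exefile_association_hijacked(command_value: str) -> bool:
    """Anything other than "%1" %* means every .exe started through the shell
    is routed through another program first."""
    return command_value.strip() != CLEAN_EXEFILE_COMMAND


def triage(process_paths, exefile_command):
    """Aggregate findings for a list of image paths and the exefile command."""
    findings = []
    for path in process_paths:
        reason = classify_image(path)
        if reason:
            findings.append((path, reason))
    if exefile_association_hijacked(exefile_command):
        findings.append(("HKCR\\exefile\\shell\\open\\command", "non-default value: " + exefile_command))
    return findings


# Process and dropped-file paths observed in the report.
REPORT_PATHS = [
    r"C:\Users\Admin\AppData\Local\Temp\57fddb1bef42e33ccee7e8d36af892b8635900cbd447748f4423ce013cf14fbb.exe",
    r"C:\Windows\system\rundll32.exe",
    r"C:\Windows\SysWOW64\notepad¢¬.exe",
]

# Hypothetical registry value: the report does not show what was written.
SAMPLE_EXEFILE_COMMAND = r'"C:\Windows\system\rundll32.exe" "%1" %*'

if __name__ == "__main__":
    for item, reason in triage(REPORT_PATHS, SAMPLE_EXEFILE_COMMAND):
        print(f"{item}\n    -> {reason}")
```

The directory check deliberately compares the full parent directory rather than looking for the substring "system", because C:\Windows\system is exactly the kind of near-miss path this sample uses; the look-alike check catches names that only become a system binary name once non-ASCII padding is stripped.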

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    78KB

    MD5

    b70d9e2d4e2b819f7ead666f383ae114

    SHA1

    305fd9da538eaf72d6b09e4dead67ef994853b4a

    SHA256

    d8db2f6ab0d3deb5d60ad82e7cad2732ec3cb9446d126bf4a942b582dd54694c

    SHA512

    fdbcd47463bbeee282cd2abe3fb74688a3b0ca0b8cdead38f3fdf3383d8e8494836654a5030545e5731cac0ef60f6847ef85c3fd1cd0cb03abdb6b74cc7fd150

  • \Windows\system\rundll32.exe

    Filesize

    85KB

    MD5

    a8747311056e7343e048e083726fbc5b

    SHA1

    0f742bc5f528ddbb5f8773f6297a5d352b3e5c69

    SHA256

    16c3d64c4fff35f909c3392240464838a380559a6738e09836708b01e8aa81ca

    SHA512

    60833a2dd7c35cc7672cb8d766ec7cacfd3f2fe1e01903ca4ed6f65ed6c1571c37ca8e30d9ada8b391607d311afbb931c84a430da57d43617e688d6ca7156c53

  • memory/112-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/112-12-0x00000000003B0000-0x00000000003C6000-memory.dmp

    Filesize

    88KB

  • memory/112-18-0x00000000003B0000-0x00000000003C6000-memory.dmp

    Filesize

    88KB

  • memory/112-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB