Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/06/2024, 04:42

General

  • Target

    b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe

  • Size

    75KB

  • MD5

    78b6bf5cefd6bb0aac3b5258a671934a

  • SHA1

    d4660bc39440a0c03b636601670697dd1d5bf765

  • SHA256

    b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b

  • SHA512

    b25751a85296213b50b66ece57530130571916867b95c18a46b7e0b461c22005b4f3013356eef0e2fd111b35d194cd75b60e55435eece565c6c3db0958d791dc

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOPD:RshfSWHHNvoLqNwDDGw02eQmh0HjWOPD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe
    "C:\Users\Admin\AppData\Local\Temp\b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    79KB

    MD5

    32bc94676d71a8e525fefb1c8133fae4

    SHA1

    eefe95bd6ab5766307ee373f7b56b2804a9ee5cf

    SHA256

    e37abdd59f3f210bbb76607b6bedb9840066026475d2ea0bacdb54e7da994e4c

    SHA512

    8350b35e44911b8fde488bf71e40d5edf0e5b6de816ae32f6074df686e69ef36c25cc57b05eccb5d78c35bd842492b1632ad7ca598ff68500e444a3da12d70ec

  • C:\Windows\system\rundll32.exe

    Filesize

    75KB

    MD5

    4ea491b31b9860278d37e47fa785fa35

    SHA1

    af8ab05fbf044b0b5b45c6a74663f8e156055629

    SHA256

    35ebd346d0263fcf5af752788fe4db9f149b55940a1ff97a3fb957079c1a4300

    SHA512

    2ad9e279e0da260032203b8a2fb13467948b8d1f66053162114854a384850b994a5642af24651884602e5c71828f7d17184437d762d5986283b0c687b02d3f6a

  • memory/2140-18-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

  • memory/2140-12-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

  • memory/2140-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2140-22-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

  • memory/2140-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3008-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB