Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
13/06/2024, 04:42
Static task
static1
Behavioral task
behavioral1
Sample
b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe
Resource
win10v2004-20240508-en
General
-
Target
b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe
-
Size
75KB
-
MD5
78b6bf5cefd6bb0aac3b5258a671934a
-
SHA1
d4660bc39440a0c03b636601670697dd1d5bf765
-
SHA256
b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b
-
SHA512
b25751a85296213b50b66ece57530130571916867b95c18a46b7e0b461c22005b4f3013356eef0e2fd111b35d194cd75b60e55435eece565c6c3db0958d791dc
-
SSDEEP
768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOPD:RshfSWHHNvoLqNwDDGw02eQmh0HjWOPD
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 3008 rundll32.exe -
Loads dropped DLL 2 IoCs
pid Process 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe -
Modifies system executable filetype association 2 TTPs 5 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\exefile\shell\open\command b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "\"%1\" %*" b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "¢« \"%1\" %*" b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe Key created \REGISTRY\MACHINE\Software\Classes\exefile\shell\open\command rundll32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "¢« \"%1\" %*" rundll32.exe -
Drops file in System32 directory 4 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\¢«.exe b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe File created C:\Windows\SysWOW64\¢«.exe b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe File opened for modification C:\Windows\SysWOW64\notepad¢¬.exe b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe File created C:\Windows\SysWOW64\notepad¢¬.exe b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File opened for modification C:\Windows\system\rundll32.exe b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe File created C:\Windows\system\rundll32.exe b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe -
Modifies registry class 15 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\exefile\shell\open\command rundll32.exe Key created \REGISTRY\MACHINE\Software\Classes\MSipv b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "notepad¢¬ %1" b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe Key created \REGISTRY\MACHINE\Software\Classes\txtfile\shell\open\command rundll32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "notepad.exe %1" b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\MSipv\MainVer = "506" rundll32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "¢« \"%1\" %*" rundll32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "¢« \"%1\" %*" b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe Key created \REGISTRY\MACHINE\Software\Classes\MSipv rundll32.exe Key created \REGISTRY\MACHINE\Software\Classes\txtfile\shell\open\command b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\MSipv\MainSetup = "1718253756" rundll32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\MSipv\MainUp = "1718253756" rundll32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "notepad¢¬ %1" rundll32.exe Key created \REGISTRY\MACHINE\Software\Classes\exefile\shell\open\command b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "\"%1\" %*" b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
pid Process 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3008 rundll32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 3008 rundll32.exe 3008 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2140 wrote to memory of 3008 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 28 PID 2140 wrote to memory of 3008 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 28 PID 2140 wrote to memory of 3008 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 28 PID 2140 wrote to memory of 3008 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 28 PID 2140 wrote to memory of 3008 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 28 PID 2140 wrote to memory of 3008 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 28 PID 2140 wrote to memory of 3008 2140 b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe"C:\Users\Admin\AppData\Local\Temp\b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe"1⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140 -
C:\Windows\system\rundll32.exeC:\Windows\system\rundll32.exe2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3008
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
79KB
MD532bc94676d71a8e525fefb1c8133fae4
SHA1eefe95bd6ab5766307ee373f7b56b2804a9ee5cf
SHA256e37abdd59f3f210bbb76607b6bedb9840066026475d2ea0bacdb54e7da994e4c
SHA5128350b35e44911b8fde488bf71e40d5edf0e5b6de816ae32f6074df686e69ef36c25cc57b05eccb5d78c35bd842492b1632ad7ca598ff68500e444a3da12d70ec
-
Filesize
75KB
MD54ea491b31b9860278d37e47fa785fa35
SHA1af8ab05fbf044b0b5b45c6a74663f8e156055629
SHA25635ebd346d0263fcf5af752788fe4db9f149b55940a1ff97a3fb957079c1a4300
SHA5122ad9e279e0da260032203b8a2fb13467948b8d1f66053162114854a384850b994a5642af24651884602e5c71828f7d17184437d762d5986283b0c687b02d3f6a