Analysis

  • max time kernel
    149s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 04:42

General

  • Target

    b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe

  • Size

    75KB

  • MD5

    78b6bf5cefd6bb0aac3b5258a671934a

  • SHA1

    d4660bc39440a0c03b636601670697dd1d5bf765

  • SHA256

    b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b

  • SHA512

    b25751a85296213b50b66ece57530130571916867b95c18a46b7e0b461c22005b4f3013356eef0e2fd111b35d194cd75b60e55435eece565c6c3db0958d791dc

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOPD:RshfSWHHNvoLqNwDDGw02eQmh0HjWOPD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe
    "C:\Users\Admin\AppData\Local\Temp\b14518774148a69aa9da2c76e1fb790ddfff1ac550dd272839c19a4ec6c2288b.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4456
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    76KB

    MD5

    ae131d80317e290ed4f215c1b1479e22

    SHA1

    6655410815e9a4eb1a8fa59582626ad955f37675

    SHA256

    91bbd0ff2491f9d65d15ba1d1c06fa9075623e937696e357ce1a70608930c214

    SHA512

    1abfe1f19434abdd0d90ad7449768d1e0e788cff701cd7979c1ba4a2bda49ee23aef03641566752a55e4fbae385438993ca1d58a42f1f02bf5a5ef7c002e3d4d

  • C:\Windows\System\rundll32.exe

    Filesize

    74KB

    MD5

    7e618fe5243fcb4867f91ea1867a7d70

    SHA1

    20097fa73682efbbd1da68ec6d4b01cbbffb2c86

    SHA256

    478d599bdb3f4d06d7cedc4feaa86b14443426635c05c0143faa1217924dc5cc

    SHA512

    fbc406ed2d5a4f8685334fc4f11dfa91813a2517c7d052a263b50e45b3e8eed41f1917e619807072915ec9cc707a680d074f99370a46e5cf0d7040cbfa1c65cd

  • memory/4456-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4456-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB