Analysis

  • max time kernel
    149s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 04:43

General

  • Target
    789a71514aade8f27536ed4535d1bfd687efa498944f772800fbf779814d81d6.exe
  • Size
    76KB
  • MD5
    0def51919528f794a79273e47275cf60
  • SHA1
    c7bb662a60983b8b6686d1642e9303bdc11eaea7
  • SHA256
    789a71514aade8f27536ed4535d1bfd687efa498944f772800fbf779814d81d6
  • SHA512
    6ea39fb99d14f7e4846602bb22d288bd24ee0a52cba451bf97dea1b8f275320e2bcb605133c37df51d4530f7d2a261fb8ad4c47d7008bfd71388770e83e6e416
  • SSDEEP
    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOpM:RshfSWHHNvoLqNwDDGw02eQmh0HjWOu

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\789a71514aade8f27536ed4535d1bfd687efa498944f772800fbf779814d81d6.exe
    "C:\Users\Admin\AppData\Local\Temp\789a71514aade8f27536ed4535d1bfd687efa498944f772800fbf779814d81d6.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1096

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize
    82KB
    MD5
    b8c1a19aebb4b1ccc61ad661a898cfd4
    SHA1
    c75d1ce561835402c6063d4e21086803eab64fb7
    SHA256
    a99839cc8b12f0b6bd3552ade1ef276c44faee0264f34cd105ec22ca00e7fc6a
    SHA512
    42282c44933fea3b5758db84614f32a4c7b2bfbba6d26297832d44c621966791e9a2a64aeadfde61b4661094f8bd6648e3fc828903a588a1a440cac12e6a0743
  • C:\Windows\System\rundll32.exe
    Filesize
    84KB
    MD5
    4a7d8847234ef047de6dfb647e0b50c0
    SHA1
    7a928e5362c7866ea530fa02e049e2e7c922d48a
    SHA256
    d6313d16d3181542e12c19c80166a61668459ed407782ef84d9a7131d97c4dd1
    SHA512
    080524e24e1a78a385882f9592053a0fa373f4395163cd902841e5378c63d0e8fae3316a6c38a399af4438311611d1eac2ec158e27196d1d59b442dfa39d3b61
  • memory/2256-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize
    86KB
  • memory/2256-13-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize
    86KB