Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

131737354f...0c.exe

windows7-x64

7

131737354f...0c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 19:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    131737354fa9851c749328facb863eecd106cc0f8ca2841c05e6a0c9a468d80c.exe

  • Size

    82KB

  • MD5

    cb3e9ac089012bb811edc08abce1e35f

  • SHA1

    c2f414df59586e332fd17f6f7e54cdf4e03aad6b

  • SHA256

    131737354fa9851c749328facb863eecd106cc0f8ca2841c05e6a0c9a468d80c

  • SHA512

    d65a49bc6bd7a92df1628d061c86433b76344000cbd1e511a02e0570de19cb7f824d94be10ea82b6a1ef0666c1a983bf1180e98d9a5443e062e83e767b170c22

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO5a6M:GhfxHNIreQm+HiKa6M

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\131737354fa9851c749328facb863eecd106cc0f8ca2841c05e6a0c9a468d80c.exe
    "C:\Users\Admin\AppData\Local\Temp\131737354fa9851c749328facb863eecd106cc0f8ca2841c05e6a0c9a468d80c.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    81KB

    MD5

    cb2b8202fb068311316c694bf1060bb5

    SHA1

    e27e6338b295f6ccbb05a4f5f7144a4fe41c8906

    SHA256

    0e8dd8c3f0ed61352d1b5d800391dfad2c0ff555d49613e27c79e3988ce46d1a

    SHA512

    965dc94dd07091dd6eca6381859ea89f62030ecb6a834bfc138ef162b4ab215d279acdb682c2c59b29d80cbcbf70d2a4b22599e9d7a78644cc11e16ece85ae49

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    80KB

    MD5

    9471125e00413027be8edf37f8ae6555

    SHA1

    6be7a6a0d7cadda524e13d1707033fe92244915f

    SHA256

    26870f212355f1f1fe9f2c65d9b9bf455f21bb828dd1b4048ca6dcc485e69dd1

    SHA512

    ebdc92e1dd3518bd74a95ec6f5b48cdab8920cae3441dbb293329747a80943ba4caf08bfb011dde3acf9500f84b40889189db8dabfbe4c00b924dc962842a637

    Download Submit

  • memory/2440-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2440-18-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2440-17-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2440-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2440-21-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download