Analysis

  • max time kernel
    149s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/06/2024, 02:14

General

  • Target

    8c6334806134d6c961b23b973b665c61568b0cf3c82945050be246c21819a57c.exe

  • Size

    83KB

  • MD5

    d3cfcb43c8435705ba4aedc5a390b9bd

  • SHA1

    cb7c12c75fc47cd5acd71a0d5a455d95c8cf33fb

  • SHA256

    8c6334806134d6c961b23b973b665c61568b0cf3c82945050be246c21819a57c

  • SHA512

    ab1faaee599fe51e005c5df2acca0a111cc4d3754c08880a7c07b409fa127a82aac1865fec907a9617c7e5d965e37f8ba44c7a8d5cdb50f57f60977522d4bf0f

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWODK:RshfSWHHNvoLqNwDDGw02eQmh0HjWOG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c6334806134d6c961b23b973b665c61568b0cf3c82945050be246c21819a57c.exe
    "C:\Users\Admin\AppData\Local\Temp\8c6334806134d6c961b23b973b665c61568b0cf3c82945050be246c21819a57c.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2472

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    81KB

    MD5

    3a51e8924e22c5e863442bfe99fb18b3

    SHA1

    79c4c5ec8ed9e30f69d885d0fa982440716e00f2

    SHA256

    d682d0254369d017b100a15bb8a8871af2c164dd26b73b42a8a0a66da5fb1589

    SHA512

    d1f16919d42ae4e44c2b002d821a2ca00db5b299d4865e20d7e00e01b20111fec6974e806a05f6b784588c7f0d25da5478d058762170f820745dd4d29b39cf2e

  • C:\Windows\System\rundll32.exe

    Filesize

    80KB

    MD5

    3c8e05a95e5e7bdfe7ab2b90e29c2807

    SHA1

    3b4c44df10d5f17f1f2f5a2a35927dbfb09e64e3

    SHA256

    66c31e9162cf7a07501ffa9c3ade644f0633e4dfa8f3251e43995f89323afb16

    SHA512

    17460eb5625399685e41ab18b083805038c8392a285db7e792d9bbf903d66ad1f4a7c596039a4c8c5c007d833c6abd241f944f34c6830a6e86c251edf38f4d17

  • memory/2912-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2912-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB