Analysis
max time kernel: 142s
max time network: 124s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 30/06/2024, 10:26
Static task: static1
Behavioral task: behavioral1
  Sample: 1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe
  Resource: win10v2004-20240508-en
General
Target: 1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe
Size: 11.1MB
MD5: e0d26f04cac3d7ef8843edf4bf1d7581
SHA1: eb0ea72a732f413387759693ef88ca37c886d38a
SHA256: 1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155
SHA512: e7219a7cc0d7cc8cfe87362b89fbb2d4de218e7e2cbbb9c2439c9a1b2e905b646206c80f499631402dcd115e2f798bcea9fb688bb8923bfd98ce35abdec40bbd
SSDEEP: 98304:H30h9VVPmUuSv/WKth7bcleXpyoDzHBQtG3i41EaBmB0o0jxnHEZCp6dGOzs6uiD:qruCvh7pQoXhQET1AIxSCsbzs6iq
Malware Config
Signatures
Loads dropped DLL (2 IoCs)
  pid   Process
  2432  1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe
  2300  1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe

Drops file in Windows directory (2 IoCs)
  description                    ioc                              Process
  File created                   C:\Windows\Fonts\font_temp.ttf   1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe
  File opened for modification   C:\Windows\Fonts\font_temp.ttf   1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe

Runs ping.exe (1 TTPs, 1 IoCs)
  pid   Process
  2736  PING.EXE

Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  2432  1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe
  2432  1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe
  2300  1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe
  2300  1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe

Suspicious use of WriteProcessMemory (15 IoCs)
  description                        pid   Process                                                                  procid_target   times reported
  PID 2432 wrote to memory of 2660   2432  1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe   28              4
  PID 2660 wrote to memory of 2736   2660  cmd.exe                                                                  30              4
  PID 2660 wrote to memory of 2300   2660  cmd.exe                                                                  31              7
  The 15 entries are the three distinct parent-to-child writes above, each reported several times; they correspond to the three process launches in the Processes section rather than to 15 separate injections.
Processes
C:\Users\Admin\AppData\Local\Temp\1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe"
  PID: 2432
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe
    command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Restart.bat
    PID: 2660
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\PING.EXE
      command line: ping 127.0.0.1 -n 2
      PID: 2736
      - Runs ping.exe
    C:\Users\Admin\AppData\Local\Temp\1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\1294C5~1.EXE"
      PID: 2300
      - Loads dropped DLL
      - Suspicious use of SetWindowsHookEx

The tree shows a self-restart: the sample runs a dropped Restart.bat through cmd.exe, the batch file pings 127.0.0.1 with a count of 2 (the usual batch-file substitute for a short sleep, since the first reply is immediate and each further one waits a second), and then relaunches the same executable through its 8.3 short name 1294C5~1.EXE. The second instance (PID 2300) loads the dropped DLL again but does not repeat the font drop.
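To show how the process tree above can be rebuilt from the signature entries and how the restart pattern can be matched in process-creation telemetry, here is an added example; it is not tria.ge code or output. The event records and the IoC text are constructed from the PIDs, images and command lines in this report; the dict layout, the parent PID 0 assigned to the first process (its parent is not shown on the page) and every function name are this example's own assumptions.

```python
"""Added example: collapse the report's WriteProcessMemory IoCs into
distinct parent->child edges and flag the "batch + loopback ping +
relaunch of the parent image" pattern seen in the Processes section."""
import re
from collections import defaultdict

SAMPLE = "1294c579f9c8799ce54a71124e160b055103322c7de69a6caf8502dce6849155.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_PATH = TEMP + "\\" + SAMPLE

# Process-creation events constructed from the report's process tree.
# ppid 0 for the sample itself is an assumption (its parent is not shown).
EVENTS = [
    {"pid": 2432, "ppid": 0, "image": SAMPLE_PATH,
     "cmdline": '"' + SAMPLE_PATH + '"'},
    {"pid": 2660, "ppid": 2432, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": "cmd /c " + TEMP + r"\Restart.bat"},
    {"pid": 2736, "ppid": 2660, "image": r"C:\Windows\SysWOW64\PING.EXE",
     "cmdline": "ping 127.0.0.1 -n 2"},
    {"pid": 2300, "ppid": 2660, "image": SAMPLE_PATH,
     "cmdline": '"' + TEMP + r'\1294C5~1.EXE"'},
]

# The 15 "Suspicious use of WriteProcessMemory" entries, rebuilt as one string
# in the same "PID a wrote to memory of b a image target" shape as the report.
WPM_IOCS = " ".join(
    ["PID 2432 wrote to memory of 2660 2432 " + SAMPLE + " 28"] * 4
    + ["PID 2660 wrote to memory of 2736 2660 cmd.exe 30"] * 4
    + ["PID 2660 wrote to memory of 2300 2660 cmd.exe 31"] * 7
)

# cmd.exe launched with /c on a .bat file
BAT_RUN = re.compile(r"\bcmd(?:\.exe)?\b.*\s/c\s+.*\.bat\b", re.I)
# ping against loopback with a -n count: the classic batch-file sleep
PING_SLEEP = re.compile(
    r"\bping(?:\.exe)?\s+(?:127\.0\.0\.1|localhost|::1)\b.*\s-n\s+\d+", re.I)
# an 8.3 short name such as 1294C5~1.EXE somewhere in the command line
SHORT_NAME = re.compile(r"[A-Z0-9_$]{1,6}~\d+\.[A-Z0-9]{1,3}\b", re.I)
# one WriteProcessMemory IoC entry as printed in the report
WPM_LINE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_wpm_edges(text):
    """Collapse repeated WriteProcessMemory IoCs into distinct
    (writer_pid, target_pid) -> writer_image edges."""
    edges = {}
    for m in WPM_LINE.finditer(text):
        edges[(int(m.group(1)), int(m.group(2)))] = m.group(3)
    return edges


def find_self_relaunch(events):
    """Return one finding per cmd.exe that runs a .bat, spawns a loopback
    ping and relaunches the image of its own parent process."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    hits = []
    for cmd in events:
        if not BAT_RUN.search(cmd["cmdline"]):
            continue
        parent = by_pid.get(cmd["ppid"])
        if parent is None:
            continue
        kids = children[cmd["pid"]]
        ping = next((k for k in kids if PING_SLEEP.search(k["cmdline"])), None)
        relaunch = next((k for k in kids
                         if k["image"].lower() == parent["image"].lower()), None)
        if ping is None or relaunch is None:
            continue
        hits.append({
            "dropper_pid": parent["pid"],
            "cmd_pid": cmd["pid"],
            "ping_pid": ping["pid"],
            "relaunch_pid": relaunch["pid"],
            # short-name relaunch: the same file under a different path string
            "short_name_relaunch": bool(SHORT_NAME.search(relaunch["cmdline"])),
        })
    return hits


if __name__ == "__main__":
    for (src, dst), image in sorted(parse_wpm_edges(WPM_IOCS).items()):
        print(f"{image} ({src}) -> {dst}")
    for hit in find_self_relaunch(EVENTS):
        print(hit)
```

The relaunch check compares the child's image path, not its command line, because the 8.3 form 1294C5~1.EXE resolves to the same file as the long name; a rule keyed on the command-line string alone would miss exactly the case this report shows.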
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 113B
MD5: de01ebf325dbc77b733c6eae8390b351
SHA1: bb23710f577517d4ab4cf85981f3122c4e8d47fd
SHA256: 8d3ce26fbaec2301260335f6a18de21457cafa82d98eb8380bd159b798999b30
SHA512: 588983c23eb9e289767b9937757bb769897df110643a4760846728673b84f29e0fe58593f16f2511be011b2225290b0269d770860302390fe1ceac11acb7138c

Filesize: 8.0MB
MD5: 092a99ee52bbaef7481cc96c5b85b992
SHA1: 06b8475f99605af9ff9ff3ed1d0eb907fd57c06b
SHA256: b3f675ccfc65edd6f27432dec6639b1414e9dc627831791263a99e2d711d215d
SHA512: 3538cebe1c0e2439c7ba289c4420627d59b4922e26242408f114aa01d342734b057d92edac35bee7c47cb926091695efc6c560802db0cd342f75cee1f8b96baf

Filesize: 333KB
MD5: 56a2bcecbd3cddd6f4a35361bf4920d6
SHA1: 992e63be423f0e61093ba183f49fc0cbec790488
SHA256: 5fcfac18758a12e0e717a5189f379922a32b5ac12f26491e638d70b54ae1dcab
SHA512: 473cbdf760242db1f0f1d0c27046c0564998f2bf931ad03feb28af3c7bd253d00e6f0836dadf37f29e0db4171eb64e6a15ed4cb9a9d28b48fb0aab601573f551