Analysis
  max time kernel:  23s
  max time network: 128s
  platform:         windows7_x64
  resource:         win7-20240611-en
  resource tags:    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  submitted:        30/06/2024, 20:34
Static task: static1

Behavioral task: behavioral1
  Sample:   0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe
  Resource: win7-20240611-en

Behavioral task: behavioral2
  Sample:   0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe
  Resource: win10v2004-20240508-en
General
  Target: 0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe
  Size:   10.3MB
  MD5:    4c463143710774d2e2abb02c8526d546
  SHA1:   d9ad3b7bbf4d9897a0afe0cd635f591fcb59980d
  SHA256: 0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8
  SHA512: 575e0bbdaaf433a5aa8132561975fcadc27a909662cbffa54d1a63358bc0738a59b95f039602ef92dff08232d0147984022443cc5041bf5f1f0ab52a2a28d83e
  SSDEEP: 196608:qGs68aYqsBmiFm4CTqfG+vTiwnDmNQkJM8uDIYnKO0uFK:ds68aD4F3e+biSDcQwM8uDuj
Malware Config
Signatures
  Loads dropped DLL (1 IoC)
    pid 1696  Process 0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe
  Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  Suspicious use of FindShellTrayWindow (4 IoCs)
    pid 1696  Process 0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe
  Suspicious use of SendNotifyMessage (4 IoCs)
    pid 1696  Process 0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe
  Suspicious use of SetWindowsHookEx (2 IoCs)
    pid 1696  Process 0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe
Processes
  C:\Users\Admin\AppData\Local\Temp\0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0240b4d27e1beeec988a3846df1a80c7dbd8194fd3147fa960b3d59a271217c8.exe"
    PID: 1696
    Loads dropped DLL
    Suspicious use of FindShellTrayWindow
    Suspicious use of SendNotifyMessage
    Suspicious use of SetWindowsHookEx

    Child: C:\Users\Admin\AppData\Roaming\datatemp\aria2c.exe
      Command line: "C:\Users\Admin\AppData\Roaming\datatemp\aria2c.exe" --conf-path=C:\Users\Admin\AppData\Roaming\datatemp\aria2.conf #--save-session=C:\Users\Admin\AppData\Roaming\datatemp\aria2.session --input-file=C:\Users\Admin\AppData\Roaming\datatemp\aria2.session --rpc-listen-port=7022 --listen-port=7055 --dht-listen-port=7033 --enable-rpc=true --rpc-allow-origin-all=true --disable-ipv6=false --rpc-secret=123 --enable-dht=true --enable-dht6=true --dht-file-path=C:/Users/Admin/AppData/Roaming/datatemp/dht.dat --dht-file-path6=C:/Users/Admin/AppData/Roaming/datatemp/dht6.dat --bt-external-ip= --stop-with-process=1696
      PID: 2820
Network
MITRE ATT&CK Enterprise v15
Downloads