Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/07/2024, 13:12

General

  • Target

    98b8c35b2702332e36bdb582ea7e61997cb649a51a0a890fa21dfef92cd704cd.exe

  • Size

    83KB

  • MD5

    83b97158ca7473747b81726f293ced6d

  • SHA1

    03cd15739637055725684b45167a27acf573cd13

  • SHA256

    98b8c35b2702332e36bdb582ea7e61997cb649a51a0a890fa21dfef92cd704cd

  • SHA512

    bd7c4d1a5ad392a1d10e59be9c286536a2260385a2a896d366f65afe023c480936e138ef7622ced333230cad1285e073cbc744950073fe73b28ba439b089e571

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO6RzWTRG6p:GhfxHNIreQm+HiFRzWTRG6p

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98b8c35b2702332e36bdb582ea7e61997cb649a51a0a890fa21dfef92cd704cd.exe
    "C:\Users\Admin\AppData\Local\Temp\98b8c35b2702332e36bdb582ea7e61997cb649a51a0a890fa21dfef92cd704cd.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2864

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    80KB

    MD5

    20a139672dd6dcf5199f6d016be285a8

    SHA1

    425eb1347a81ac20dec67c542ad59020ef8bea22

    SHA256

    1cf34d872830bef22af26430dc7738aab844e1e4a1999bf0a02a57a4d46f327f

    SHA512

    803e072649173dfb453fb58beccc1bbca20ed3e229e11ed0f9b41009aa63d92e594bde4689e09da482d4a29511a5620712304411a35b63c6191a76fa145f1f0d

  • \Windows\system\rundll32.exe

    Filesize

    81KB

    MD5

    a574034e829f6257872aad21563f7e25

    SHA1

    2817cc59c3e4f456a8457208f86ad56a38cc2dec

    SHA256

    b29ea909055fd3c10f17eddffb01cfae65fad5411a748d789d132e24d6d8a987

    SHA512

    35940320dc495507403bf5f9734e49fea3861dc16061406ddd59384f8c420ff4ed461c56adb2fa3472e0e6e503085a52ab5cf29957fa208fc5cf087b6398b753

  • memory/2692-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2692-12-0x00000000005B0000-0x00000000005C6000-memory.dmp

    Filesize

    88KB

  • memory/2692-18-0x00000000005B0000-0x00000000005C6000-memory.dmp

    Filesize

    88KB

  • memory/2692-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2692-22-0x00000000005B0000-0x00000000005B2000-memory.dmp

    Filesize

    8KB

  • memory/2864-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB