Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

98b8c35b27...cd.exe

windows7-x64

7

98b8c35b27...cd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 13:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98b8c35b2702332e36bdb582ea7e61997cb649a51a0a890fa21dfef92cd704cd.exe

  • Size

    83KB

  • MD5

    83b97158ca7473747b81726f293ced6d

  • SHA1

    03cd15739637055725684b45167a27acf573cd13

  • SHA256

    98b8c35b2702332e36bdb582ea7e61997cb649a51a0a890fa21dfef92cd704cd

  • SHA512

    bd7c4d1a5ad392a1d10e59be9c286536a2260385a2a896d366f65afe023c480936e138ef7622ced333230cad1285e073cbc744950073fe73b28ba439b089e571

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO6RzWTRG6p:GhfxHNIreQm+HiFRzWTRG6p

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98b8c35b2702332e36bdb582ea7e61997cb649a51a0a890fa21dfef92cd704cd.exe
    "C:\Users\Admin\AppData\Local\Temp\98b8c35b2702332e36bdb582ea7e61997cb649a51a0a890fa21dfef92cd704cd.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    74KB

    MD5

    0f3b055afc5e0fc19a9ad6a41cecdd5a

    SHA1

    9889f0f9cef780d422296bb034f01c8a8331b8aa

    SHA256

    b2da7f54e275ab349ba77d1473029c972995c098f923b0759b77fd2d0cb56d48

    SHA512

    f3adebff459c0a3d2cb6e5d00813da73bdb56dc3e84b4e588b38f57bb79005bc0aff6d2ac94238b7fecf4d558404ec33b902d5f968ecdbb77ec187234c6895a6

    Download Submit

  • C:\Windows\System\rundll32.exe
    Filesize

    75KB

    MD5

    188e7ad3539ff0596fe4fa3294da7790

    SHA1

    3d6b53dffc61692d2f80031e0f5128bc2c94d04a

    SHA256

    c1519b08ac2bf6e43ec4f5ea929523c2946de0531534ffd5359e684882e7513f

    SHA512

    b7cb8dc67e2bdaa949bb863d9bb5d1735548a8fc5509a43780eb66a85834983d3ca3e3df186525bc314571a5df36dea86fbcddaed1461fe6bbea784a3b81d676

    Download Submit

  • memory/2284-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2284-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download