Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
  • submitted
    09/07/2024, 13:05

General

  • Target

    f8693fe7dd2add24c69145ba04a14837df1bf7c38c475d46e5bede43a17d6ff0.exe

  • Size

    80KB

  • MD5

    82af85c2ee08cdff5e14f996f70cc3bb

  • SHA1

    11b407bb9fab4a1fe87bf1f9bf77a1190f89a2e8

  • SHA256

    f8693fe7dd2add24c69145ba04a14837df1bf7c38c475d46e5bede43a17d6ff0

  • SHA512

    8db75ec2c3607084d7e4f9dd1298f7e9f18b8db0db06ee3cd34bf6eff8b68b4185afb1881405afc5c173a4b09611dec083fa8a2b4bd0dc8fa4bd5b6e08e9f0b0

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOdr4apL/:GhfxHNIreQm+Hi+r4apL/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f8693fe7dd2add24c69145ba04a14837df1bf7c38c475d46e5bede43a17d6ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\f8693fe7dd2add24c69145ba04a14837df1bf7c38c475d46e5bede43a17d6ff0.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2112

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    84KB

    MD5

    4ef26a4dcee63ef8a7ab200ed88de0e4

    SHA1

    4bc4236dd5c48ad73083ae159de4f0fd737bc5a2

    SHA256

    9abc8f88be5d2d59c73c0f6ed940f7773b0346b131f56d3166efb595a6b4ecd4

    SHA512

    ee3a2364b9187ebf4d937f78c065d6d6bb2b5c9c7e580dc9e4c7f830340674174d6d97a7b04add624659dcb663e88d7350b788c141d6ab8146c7a7680882986b

  • \Windows\system\rundll32.exe

    Filesize

    75KB

    MD5

    650d67959e86889737357821b32c8bea

    SHA1

    ab658b5ff06a682ed620db0ee32476468a3be06c

    SHA256

    42571491006ec19445515ef0c2ee6b00aee8ee6ea35f0893c62edc28fa5b8ebc

    SHA512

    70b3de889e039d285b952d1a1bd46c12a12db0e45de850ba2ef8b588c99aab239cc9b96ea3c5078232cf69de706f9e214c0b1b6bda1bef52cd3f718b60f5a17a

  • memory/2088-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2088-13-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

  • memory/2088-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2088-21-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

  • memory/2112-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB