Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

0cb42e9ad7...0N.exe

windows7-x64

8

0cb42e9ad7...0N.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    95s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 21:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0cb42e9ad739c9babef32fa029598000N.exe

  • Size

    129KB

  • MD5

    0cb42e9ad739c9babef32fa029598000

  • SHA1

    fe40949c9b47cbd3822b0934a95c171d3b60a1a6

  • SHA256

    2e698586e4341da73b89c74db4e275bf1c73dc99186ce01ec5a378d68c422ed8

  • SHA512

    fab95aec976083931e4348678ddcc623545043709b92c2c102c4438d0ba81938a1976e0225e1c76c53d26b0a9fc1e9369c34baa93dd88db503ec1d7f1df05a8a

  • SSDEEP

    3072:knZjfso0f5z9f57fgDWChiOzl0LEnFvUf4FnWRYCdB:kndp0f5z77fgDNlzl0L0dUf2WRNdB

Score
8/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cb42e9ad739c9babef32fa029598000N.exe
    "C:\Users\Admin\AppData\Local\Temp\0cb42e9ad739c9babef32fa029598000N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3492
  • C:\PROGRA~3\Mozilla\xulehse.exe
    C:\PROGRA~3\Mozilla\xulehse.exe -ftjaxdi
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:1892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Mozilla\xulehse.exe
    Filesize

    129KB

    MD5

    afed04baa15fb51f37205dbd67b386bf

    SHA1

    04708a297041f5b1ed3d373089606335f5008d01

    SHA256

    a86f2cc15f1629fc3faa5f8179cc5320d714a4d112f888277d8e455c0d84b7de

    SHA512

    0b3812f5c495f1e0653dff8ca8a1414d39135790cbd4f02265fa85156b4b66d0f4b7773b19f4443a240092218628c4d824bc698ef9ee924d909fb2003787acf3

    Download Submit

  • memory/1892-10-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1892-12-0x0000000001090000-0x00000000010EB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1892-18-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/3492-0-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/3492-1-0x0000000000401000-0x0000000000403000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3492-3-0x00000000006C0000-0x000000000071B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/3492-11-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download