Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

03faea0897...0N.exe

windows7-x64

7

03faea0897...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03faea08976b2ec65bf9ee79703dc770N.exe

  • Size

    27KB

  • MD5

    03faea08976b2ec65bf9ee79703dc770

  • SHA1

    6169f9048c91655730e96206b9a7832173263457

  • SHA256

    6b620d72542aa0284b9fda80cd2c860592473ca610be8729e70091baad32c14b

  • SHA512

    55d3ba2b36aaa8fcd5f38acb083a190c3d80fea5d5fc4eecd4b284a51bc7bf998243dacf2e1ab5b6f23a5d9b5c40d3497d0ed739d8f922b7ab4cdf2515007da2

  • SSDEEP

    768:PVEHJqjHyGvwFylDpulVSQJrE/2QmlCYZUbrv:PH2nylslwHCCLP

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03faea08976b2ec65bf9ee79703dc770N.exe
    "C:\Users\Admin\AppData\Local\Temp\03faea08976b2ec65bf9ee79703dc770N.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    28KB

    MD5

    3525971c9a8c03f4ea3a424ac1426773

    SHA1

    bff6de73d1545a0e6ff5e6f57ddd81dd699d93d8

    SHA256

    f7c8fe4fb3814af6aadfcf2a9a04cccae469d054401633fe05d93824fd3f61d0

    SHA512

    0653b5c9c29abdf55671c328fd38cc1b4b78ed3b5fb0707e0ce2c635fd76a588bc330d4ec13c1ff3744ab532fc8739eef349efa33d3b57f0f59b589e298187ed

    Download Submit

  • C:\Windows\System\rundll32.exe
    Filesize

    31KB

    MD5

    897bed4be785c7e93543fa8eca6ca3fc

    SHA1

    d157d165b82ed1c459df278e2607734e883a04b6

    SHA256

    c2ee60c8e97c916a422879de22c248d0b1c0b5444bed72d223ec36f842fed9c9

    SHA512

    8bca0b958815b6ca3bbb8d27955c4f2959df90e669444569822543374e43613dae22f0ea250f8c851fd0e327573c5223086c21d232af56135e3a4e2ef1020db2

    Download Submit

  • memory/2260-19-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-14-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-15-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-16-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-17-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-18-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-20-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-21-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-22-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-23-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2260-24-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4556-13-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4556-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download