Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/07/2024, 23:29

General

  • Target
    2b5a6fe14376cbb5dc3ccc73aec34110N.exe
  • Size
    135KB
  • MD5
    2b5a6fe14376cbb5dc3ccc73aec34110
  • SHA1
    e6df196f3a11432091fd329d8a0f7b2cc9abf9c4
  • SHA256
    e5dfed3f665d93160eb7ed7c3abaa39ca23c6768e44a23d6cf60804530c4742a
  • SHA512
    14eb250c9a7df54f531fd6fc1dd88f6de40795aa227af67bb5f5e23db20b450a3cced267af0ce17279920ea9601cacf8102712739338c1723f5d06a6181e46b0
  • SSDEEP
    1536:4fsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVgEhu:4VqoCl/YgjxEufVU0TbTyDDalquu

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
  • Executes dropped EXE (4 IoCs)
  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in System32 directory (2 IoCs)
  • Drops file in Windows directory (4 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b5a6fe14376cbb5dc3ccc73aec34110N.exe
    "C:\Users\Admin\AppData\Local\Temp\2b5a6fe14376cbb5dc3ccc73aec34110N.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4912
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2488
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4116
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visibility of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2196
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:1088

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Resources\Themes\explorer.exe
    Filesize: 135KB
    MD5: 56218f558f7a11fc3abe0cb6943268b6
    SHA1: 9c22e29f366834729f99a4a09d22814d01c820c0
    SHA256: b9eff5172a0d945fab59928a5a643ade4eaa843a20ca0e80c7e17a91d5682bd8
    SHA512: c45f997189081bd27ef3287d3000a5b7b18610d4dacb4b5cca71c4d259c0036344a78de7259d95814ba26fa42f7310cffeb1906e3bbd19c2669d784a246b7d5c
  • C:\Windows\Resources\spoolsv.exe
    Filesize: 135KB
    MD5: 01cdd3c4c09311b238146b51ff0b379d
    SHA1: 6a7ca28dbe70cdf9acc1d24545ee5dc0d15c2bcc
    SHA256: 7c4fb5686ea59a1f775e1237f34d68d1d9a41d85eee217c4f79748acbebf4cfb
    SHA512: 10e0037e30938f4c274018f33918b711cc163e145d454c941f3cb4c2cc53d0a421f2c973231b7b1bcaf520f12be8ba13b44c509c2079df6f6f89596c53e789db
  • C:\Windows\Resources\svchost.exe
    Filesize: 135KB
    MD5: 939e8d7a5c62e48e93bcbf2c8b21ee53
    SHA1: 07b91e6baa48c071376e05b80843a3f490b20ba8
    SHA256: 230dfacf19cc8d5440b4d88b600bd5cb758ef9128d90f1a0898a3cbb058da092
    SHA512: 624f56dc608e42f0fee2271df2bd63dbe6f3262926bff7879e77f4358ecdb58bc5ecb1e96773f9efab1119b6ece8d3846531c1b1192c2008beb4129215f9330d
  • memory/1088-33-0x0000000000400000-0x000000000041F000-memory.dmp
    Filesize: 124KB
  • memory/2196-25-0x0000000000400000-0x000000000041F000-memory.dmp
    Filesize: 124KB
  • memory/4116-34-0x0000000000400000-0x000000000041F000-memory.dmp
    Filesize: 124KB
  • memory/4912-0-0x0000000000400000-0x000000000041F000-memory.dmp
    Filesize: 124KB
  • memory/4912-35-0x0000000000400000-0x000000000041F000-memory.dmp
    Filesize: 124KB