Analysis

  • max time kernel
    120s
  • max time network
    90s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/07/2024, 14:18

General

  • Target

    1aca0a22e141cd74df39829beab1cec0N.exe

  • Size

    135KB

  • MD5

    1aca0a22e141cd74df39829beab1cec0

  • SHA1

    1d19212f3131046a2bc5b8735a40010527000a23

  • SHA256

    d206754e9acc8e3a8a1a4635c170849a79da0af76900dc5492136f6b4caf16c4

  • SHA512

    dff1157cbe4f73f3900f4bd5ba5764a6d870d6442b4d192b203546966de91f3fe58adb2270afabb2aeb83973380b57911f76207710ae17c856a1e550345af83b

  • SSDEEP

    3072:UVqoCl/YgjxEufVU0TbTyDDal4dzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzj:UsLqdufVUNDaAzzzzzzzzzzzzzzzzzzj

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1aca0a22e141cd74df39829beab1cec0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1aca0a22e141cd74df39829beab1cec0N.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4968
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5048
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1640
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visibility of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1232
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2032

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Resources\Themes\explorer.exe

    Filesize

    135KB

    MD5

    bee7de505faa7bf764d11cfcc1001edd

    SHA1

    3768ae18c1eb5de31425edb610b5a17c43fa4337

    SHA256

    f517f819f8787c7df090801a32481662db3f68c3c466326f9a2cbc2f6862d9ac

    SHA512

    34b47a713f2292b37679fa3ad04b7b08e6b6a06bc6fae7e83bc444df6124c0289a868760cff2e767b379e2d6ea1507b9f4565f3e67d722ff79e53c626e846ff9

  • C:\Windows\Resources\spoolsv.exe

    Filesize

    135KB

    MD5

    266e0d6940b0956b303f291f995cd5b7

    SHA1

    96e3587a5cf6cf2e12128b776a8becbf43d30df0

    SHA256

    8760fc4b6a3dd1c7ef25db38d1797d35da75c150c8cbfc1c5cc68aa64e03c7a5

    SHA512

    f5612d958c9b2abf630e5458e0af3e8fe79d3dbaffde6319839a60ca0c67d2631ca0828f5843c28ec98301c4dfe0585e25c7634831cd8cb6ccf32389bc68c445

  • C:\Windows\Resources\svchost.exe

    Filesize

    135KB

    MD5

    8ac624464d137caacfea485d62ccd96e

    SHA1

    37b9763fab6fe1fb634bf7b02c13ec007aaaf240

    SHA256

    ed784d156ecd9fcd61cef262a04a1467700b4bce26f5b2414395ccb16967bb3d

    SHA512

    ddc24134986b1afbfc73af4022f8c4ad7e17e103969675669152a44e1374ba9be50e578bc48864cb72b3feee20e76c50496d04dd7d3130ac342164184c162d95

  • memory/1640-34-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2032-29-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2032-33-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4968-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4968-35-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB