Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

setup.zip

windows7-x64

5

setup.zip

windows10-2004-x64

1

Resubmissions

06/08/2024, 00:45

240806-a3893sxflg 4

06/08/2024, 00:42

240806-a2cjqaxeqf 5

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    06/08/2024, 00:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.zip

  • Size

    36B

  • MD5

    a1ca4bebcd03fafbe2b06a46a694e29a

  • SHA1

    ffc88125007c23ff6711147a12f9bba9c3d197ed

  • SHA256

    c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65

  • SHA512

    6fe1730bf2a6bba058c5e1ef309a69079a6acca45c0dbca4e7d79c877257ac08e460af741459d1e335197cf4de209f2a2997816f2a2a3868b2c8d086ef789b0e

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\setup.zip
    1⤵
      PID:2352
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1800
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1328
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Drops file in System32 directory
          • Modifies data under HKEY_USERS
          • Suspicious use of SetWindowsHookEx
          PID:972
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
          2⤵
          • Modifies data under HKEY_USERS
          PID:1736

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
        Filesize

        1024KB

        MD5

        914ccd5abf3969f3b7a886c57cec5202

        SHA1

        db8e5f8c1f038a8f3401b49d2ea394f3995ec18d

        SHA256

        1125a4e1266c297122c7341938776ad9a5bbf782e2dfd2db7589787fcda31d30

        SHA512

        0207b8db600c0eb47b46f663f9eeb09db5c71fab34e5221b4611413a7a19629821986da37c2ff5cb06997c09df220be59cec4d0e1cdaf567f082c89782056a77

        Download Submit

      • memory/1328-66-0x0000000003340000-0x0000000003348000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1328-77-0x0000000005470000-0x0000000005478000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1328-42-0x0000000001480000-0x0000000001488000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1328-43-0x00000000013C0000-0x00000000013C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1328-49-0x00000000013C0000-0x00000000013C8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1328-51-0x0000000001370000-0x0000000001371000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1328-0-0x0000000001B10000-0x0000000001B20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1328-73-0x0000000005480000-0x0000000005488000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1328-60-0x0000000002F10000-0x0000000002F18000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1328-74-0x0000000005470000-0x0000000005471000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1328-16-0x0000000001C10000-0x0000000001C20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1328-88-0x0000000005770000-0x0000000005778000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1328-90-0x0000000005790000-0x0000000005791000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1328-89-0x0000000005820000-0x0000000005828000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1328-95-0x0000000005820000-0x0000000005821000-memory.dmp

        Filesize

        4KB

        Download