Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/08/2024, 05:57

General

  • Target

    43fae6a60dffcc47045c6f132d41ec77db2134dc825c35d1bf3abeb7210226cd.exe

  • Size

    5.0MB

  • MD5

    6d7b8f5bfd03d8fdacebd97ea437b559

  • SHA1

    d7b3a1bcd0b1cda98805165e726cc8716d86c1f4

  • SHA256

    43fae6a60dffcc47045c6f132d41ec77db2134dc825c35d1bf3abeb7210226cd

  • SHA512

    12b15265295f1e7fbb4a1e75a43ac2fa9e988526724032fd20d2053ab47832488759b0be8e562be391ddecc2eab4d3ec98279e825e6cfcc73b356093a6a53ca6

  • SSDEEP

    98304:NcFiJETrDllPOOCrbAyNa0hdvV8Y288tjxGjQ/cshPyBe+Rr0NuTBpVY:jJSDbPOEodvO88tjxGjQEsae+5ntY

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43fae6a60dffcc47045c6f132d41ec77db2134dc825c35d1bf3abeb7210226cd.exe
    "C:\Users\Admin\AppData\Local\Temp\43fae6a60dffcc47045c6f132d41ec77db2134dc825c35d1bf3abeb7210226cd.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\MiddleWareX.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2436
      • C:\Windows\SysWOW64\mshta.exe
        mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c C:\Users\Admin\AppData\Local\Temp\MIDDLE~1.BAT ::","","runas",1)(window.close)
        3⤵
        • Access Token Manipulation: Create Process with Token
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        PID:3000
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\MIDDLE~1.BAT ::
          4⤵
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1976
          • C:\Windows\SysWOW64\regsvr32.exe
            regsvr32 /u /s C:\Windows\SysWOW64\MiddleWareX.ocx
            5⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2920
          • C:\Windows\SysWOW64\regsvr32.exe
            regsvr32 /s C:\Windows\SysWOW64\MiddleWareX.ocx
            5⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            PID:1916

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MiddleWareX.bat

    Filesize

    289B

    MD5

    2c4b4ba717acec4f8629f295b202f49c

    SHA1

    93837ef6098e8de8cc50c20d2a5dada3f7a48892

    SHA256

    8c1179c8249eb42966164221056570f651d1f24cea66122130cd933e43e24c7f

    SHA512

    184ab3940e7240e30872fd3223d51c11871bdd874b8d8d6062baff9907e95f29cae322f8113f046f7e1fad54d9fef9b692c8854df2536804e06723d02abbf99d

  • C:\Users\Admin\AppData\Local\Temp\MiddleWareX.ocx

    Filesize

    2.1MB

    MD5

    dc4a6a41db0678422c5fbbb1068b1752

    SHA1

    a6b80709cc11ebee962873a777a6ca08b85608cd

    SHA256

    03965be1329c5f2e2983de87740c03d122df7088a31a50e3fbbbb970e29edd75

    SHA512

    d7ca0a267d385bb647042004af3c88b13154d3ac7f2d77a33ba9d434ed035e59cb32a57fea248587a8f69e5c254e042301cf9b46121615f57fe10032bba7a1b3

  • C:\Users\Admin\AppData\Local\Temp\MiddleWareX_App.log

    Filesize

    331B

    MD5

    9d33a096a43d984a4c4bf48bed970521

    SHA1

    1c8cfb8d92ee026230cba64ee4588a9dd9d96796

    SHA256

    4e82a4fa33970fbd94b1d0eab1be5d2d5aa0d4456d36343214b750d735ba392a

    SHA512

    ab9b895acb5ce22f18ee1416b0647103ebe71cddecd60fec36d3cbefcd9a68aa7f884be8c65cf0700b8b44d67a276115026d71c43281acd20c975ff49c91153e