Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/08/2024, 04:19

General

  • Target

    d15257a7d17d4b51d39176c066ff5d8e6f0a1095379fdac628b1b907bed89e9e.exe

  • Size

    135KB

  • MD5

    3a6187febeedc341dde52d3507b2909f

  • SHA1

    c6db907b576b904c144b05e123260df567d2dd2c

  • SHA256

    d15257a7d17d4b51d39176c066ff5d8e6f0a1095379fdac628b1b907bed89e9e

  • SHA512

    41c81d345ef820666a89a30af3a45c079d9f730ca25b1a030fb98075d005701a74e8ac6a8fd8f193b32f959b5fec9df700e0db8ba782f17d4ba958d6d49ae5ee

  • SSDEEP

    1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbV0hYt:UVqoCl/YgjxEufVU0TbTyDDalht

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d15257a7d17d4b51d39176c066ff5d8e6f0a1095379fdac628b1b907bed89e9e.exe
    "C:\Users\Admin\AppData\Local\Temp\d15257a7d17d4b51d39176c066ff5d8e6f0a1095379fdac628b1b907bed89e9e.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2920
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4596
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3924
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visibility of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1124
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2784
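The process tree above shows the sample writing copies of itself under c:\windows\resources\ with the names of genuine Windows binaries (explorer.exe, spoolsv.exe, svchost.exe), launching them in a chain, and triggering the Run-key and Explorer hidden-file signatures. Note from the Downloads section that each dropped copy is the same 135KB size as the parent but has a different hash, so matching on file hashes will not generalise; the behaviours and paths will. The following detection logic is an added example, not code from the report or from Hatching Triage. It runs over constructed Sysmon-style events (ProcessCreate, FileCreate, RegistryEvent) whose image paths and PIDs mirror the tree above; which process wrote each file, the registry value names (Explorer\Advanced\Hidden, a Run value called "Resources") and the expected home directories of the three binary names are assumptions, since the report records only the behaviour categories.

```python
import ntpath
import re

# Where the binary names this sample masquerades as normally live.
# Assumption for the example: only these three names are checked.
EXPECTED_DIRS = {
    "explorer.exe": {"c:\\windows"},
    "svchost.exe": {"c:\\windows\\system32", "c:\\windows\\syswow64"},
    "spoolsv.exe": {"c:\\windows\\system32"},
}
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\")
# Explorer folder-view values that control hidden/system file visibility.
EXPLORER_ADV_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\explorer\\advanced\\"
    r"(hidden|showsuperhidden)$")

# Constructed Sysmon-style events (not real telemetry). Image paths and PIDs
# mirror the report's process tree; file-drop attribution and registry value
# names are assumptions.
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "pid": 2920,
     "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\d15257a7d17d4b51d39176c066ff5d8e6f0a1095379fdac628b1b907bed89e9e.exe"},
    {"type": "FileCreate", "pid": 2920,
     "TargetFilename": "\\??\\c:\\windows\\resources\\themes\\explorer.exe"},
    {"type": "ProcessCreate", "pid": 4596,
     "Image": "\\??\\c:\\windows\\resources\\themes\\explorer.exe"},
    {"type": "RegistryEvent", "pid": 4596,
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"},
    {"type": "FileCreate", "pid": 4596,
     "TargetFilename": "\\??\\c:\\windows\\resources\\spoolsv.exe"},
    {"type": "ProcessCreate", "pid": 3924,
     "Image": "\\??\\c:\\windows\\resources\\spoolsv.exe"},
    {"type": "FileCreate", "pid": 3924,
     "TargetFilename": "\\??\\c:\\windows\\resources\\svchost.exe"},
    {"type": "ProcessCreate", "pid": 1124,
     "Image": "\\??\\c:\\windows\\resources\\svchost.exe"},
    {"type": "RegistryEvent", "pid": 1124,
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Resources"},
    {"type": "ProcessCreate", "pid": 2784,
     "Image": "\\??\\c:\\windows\\resources\\spoolsv.exe"},
    # Benign control: the genuine svchost.exe from System32 must not fire.
    {"type": "ProcessCreate", "pid": 900,
     "Image": "C:\\Windows\\System32\\svchost.exe"},
]


def normalize(path):
    """Lower-case and strip the NT object-manager prefix (\\??\\) seen in the report."""
    p = path.lower()
    return p[4:] if p.startswith("\\??\\") else p


def detect_masquerade(ev):
    """System-binary name executing from outside its expected directory."""
    if ev["type"] != "ProcessCreate":
        return None
    image = normalize(ev["Image"])
    name, directory = ntpath.basename(image), ntpath.dirname(image)
    expected = EXPECTED_DIRS.get(name)
    if expected is None or directory in expected:
        return None
    return f"{name} executed from unexpected directory {directory}"


def detect_registry(ev):
    """Run-key persistence and Explorer hidden-file visibility changes."""
    if ev["type"] != "RegistryEvent":
        return None
    key = ev["TargetObject"].lower()
    if RUN_KEY_RE.search(key):
        return f"Run-key persistence written: {ev['TargetObject']}"
    if EXPLORER_ADV_RE.search(key):
        return f"Explorer hidden-file visibility changed: {ev['TargetObject']}"
    return None


def detect_dropped_exe(events):
    """'Drops file in Windows directory' followed by 'Executes dropped EXE':
    an .exe written under c:\\windows\\ that is later launched as a process."""
    dropped, hits = {}, []
    for ev in events:
        if ev["type"] == "FileCreate":
            p = normalize(ev["TargetFilename"])
            if p.startswith("c:\\windows\\") and p.endswith(".exe"):
                dropped[p] = ev["pid"]
        elif ev["type"] == "ProcessCreate":
            p = normalize(ev["Image"])
            if p in dropped:
                hits.append((ev["pid"], f"executes EXE dropped by PID {dropped[p]}: {p}"))
    return hits


def run(events):
    """Apply every rule; returns a list of (pid, reason) findings."""
    hits = []
    for ev in events:
        for rule in (detect_masquerade, detect_registry):
            reason = rule(ev)
            if reason:
                hits.append((ev["pid"], reason))
    hits.extend(detect_dropped_exe(events))
    return hits


if __name__ == "__main__":
    for pid, reason in run(SAMPLE_EVENTS):
        print(f"PID {pid}: {reason}")
```

The path-based rule is deliberately keyed on the directory rather than on the image hash, because the report shows three dropped copies with three different hashes. On real telemetry, extend EXPECTED_DIRS to cover the full set of binary names you care about and expect the Run-key rule to need an allow-list of known installers.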

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Resources\spoolsv.exe

    Filesize

    135KB

    MD5

    0c829a26a19ac821c448ab363d47d600

    SHA1

    07b11f7d382c418833ff99284f06b8ac6d6b3d48

    SHA256

    d581732890ae2022c1ba215759067ab9728b1be8deff07c595322684628923b0

    SHA512

    ccad479dfd42497d7abe82ec3099e0b5ba569da3fd1e890ba6a687fdc1035ad8a07d91aaca988629038d4634f33de05d5803f1d7f3dcf7235ddc8c222c55d520

  • \??\c:\windows\resources\svchost.exe

    Filesize

    135KB

    MD5

    72507375d71348a7839e9449dbb10f18

    SHA1

    2252cab89f44df571454e5625f8f6d06448a170a

    SHA256

    da1c205b57bf9c2bd9e8e900aea634d1a5d15ea878c9aaa5230c21e984007d48

    SHA512

    9d6a2dce5bce180beca54ed083526a6e77ae4bc9f509742fa378d564c825527c7c5205b8bdf381a4db2b38efebdf8f0fd301eebdd067a4c7dadd8f846bf26d78

  • \??\c:\windows\resources\themes\explorer.exe

    Filesize

    135KB

    MD5

    d7f397a1e50bbdcac42bb266cfe6fc7a

    SHA1

    1a01963e1a6a51ab080292bb0b2b62706262676f

    SHA256

    a8413c8a44fa9838cf0f57b8ae60710ecddf51a4fc0fcd03205497ccb8c76995

    SHA512

    e1be7fac173d06b9663d728ba0e7bad9ab48e6252cddb6e4c5cf2d8161681040ec998837322dd740e0a755a45de5f874b3742f92f5a2bc8062124112d416741b

  • memory/1124-36-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2784-32-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2920-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2920-34-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/3924-33-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4596-35-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB