Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

234affae1e...0f.exe

windows7-x64

10

234affae1e...0f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 20:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    234affae1e0c38c977b55959972e627e6df25af817d65b35eb2a0304a26f690f.exe

  • Size

    206KB

  • MD5

    9876b3c6c6fcf53bdf065d81ec051072

  • SHA1

    a6c41ea3dc0420870363aa2cb4f96006f831e54e

  • SHA256

    234affae1e0c38c977b55959972e627e6df25af817d65b35eb2a0304a26f690f

  • SHA512

    abcf53fa1bb3e5866230517516876100bbf7ca38f72e0de1f48922aa64c153f7cc22e533af9a8ecda22b8d087f854dabd22e4de8b705ebf98b5485bd385becff

  • SSDEEP

    1536:/fsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbJdV:/VqoCl/YgjxEufVU0TbTyDDalbV

Score
10/10
discoveryevasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\234affae1e0c38c977b55959972e627e6df25af817d65b35eb2a0304a26f690f.exe
    "C:\Users\Admin\AppData\Local\Temp\234affae1e0c38c977b55959972e627e6df25af817d65b35eb2a0304a26f690f.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3068
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3900
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2932
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visiblity of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3352
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Resources\Themes\explorer.exe
    Filesize

    206KB

    MD5

    8255f40feec017695a9262a3c9775a15

    SHA1

    2e027f62b6290e136846623f6518cf94d679deb6

    SHA256

    034d0044fdd872ba8097798c702473232e8fee28a5878ad600301c120257cdd9

    SHA512

    9348c60de58192e8f1753048900215904f3b061721eeb2bb31961d0b3ae05e0b6c11659a619313a1ac7f156fefe9641f3c5e542a1c63d4142420781008c0ca2a

    Download Submit

  • C:\Windows\Resources\spoolsv.exe
    Filesize

    206KB

    MD5

    c2ff4c79c5214fd8053314578db97197

    SHA1

    40cd2b33cccc452256daadcae2db0449c990e42c

    SHA256

    a1d4992d085d74329efd73dd18e61275ae7f8fa17bb56049ba4e33b157d39a24

    SHA512

    f00ebc7b1e3f9f42d70a294feef9bc3f47f0d348bb1994043b08fa05e95febbe8392653d1b06ae8c04e506404cdb8cb261b681983361a34bddb4ff3b6d1aa808

    Download Submit

  • C:\Windows\Resources\svchost.exe
    Filesize

    206KB

    MD5

    e83fd6b9687b9ab1e4fe5c6fd26a02d0

    SHA1

    86a6c02987f75499b4374aa494fbc7df58a472c3

    SHA256

    a50776873928256a6c2a1a3637bfcc002eb86c2033b2ad7d044d8edaa6ce9929

    SHA512

    3962b0ce772affa148eebaaece0fc0fd090a06039a4559e5ffe17b52147ed0a334c2686c899c6140b27f3f83cdcca9b51dc036a3200f159b2257cbd04c03bede

    Download Submit

  • memory/388-32-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2932-33-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3068-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3068-34-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3352-36-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3900-35-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

    Download