Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/09/2024, 05:37

General

  • Target

    81356627d78fa186586c63aada6e19cf4c65b55e0d1a9a2fa3f32bb23e35a7a0.exe

  • Size

    82KB

  • MD5

    ecdea8419b22f25da2d665e22ccee4fb

  • SHA1

    846ed5b3e538e24a0560da2f2b05d40eeb1ef8f5

  • SHA256

    81356627d78fa186586c63aada6e19cf4c65b55e0d1a9a2fa3f32bb23e35a7a0

  • SHA512

    b4f97a42893f954ac2629ac9621998a02d4b57f9f43785f0264ac2c2563be981d0a4ebbcc2b709c5524996bfe4686a72e19d5802e704ef7ddc3802382a377b39

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO+j0:GhfxHNIreQm+Hi5j0

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81356627d78fa186586c63aada6e19cf4c65b55e0d1a9a2fa3f32bb23e35a7a0.exe
    "C:\Users\Admin\AppData\Local\Temp\81356627d78fa186586c63aada6e19cf4c65b55e0d1a9a2fa3f32bb23e35a7a0.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3372
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4952

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    83KB

    MD5

    ac32abab1fc242cd2828c56b0b1fc980

    SHA1

    d3cd62d4977f7b0c254be51670b2a5b82d433754

    SHA256

    3b48a5cc7557915ad2f27405bcc6ea747db4a69bf7266ed5f914384040424d7a

    SHA512

    63fd38c6e134254e68f7ef47edc6e0135fad65c551150ae7476e76d6995884434a2db3c61c32d6e1e9174f5c3db83ab9d35b370d6a1f7c306f6fdca7861f7c9c

  • C:\Windows\System\rundll32.exe

    Filesize

    77KB

    MD5

    100e52a1549f08d486654f0adb7f4d26

    SHA1

    6951aa979706991fe667ac2033ae9934d398b873

    SHA256

    42982578f9fb75b20db1d6facbd66aea40620a5d8dfe4d8ff533dd72991e959f

    SHA512

    14b0696a8a544a3f334cc05d8ba15868a674726b83e817cdb4d70d6e050a58906adbd880e47c28bab14ced89312426ca8632ea2385bc162be007a02b1ce352d4

  • memory/3372-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3372-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4952-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB