Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

709e9565a7...5N.exe

windows7-x64

8

709e9565a7...5N.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17/10/2024, 21:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    709e9565a7a9fc8949bc6eee3335c4b5247e52f5ccae06af9046990bc9561545N.exe

  • Size

    230KB

  • MD5

    3cb581d6ca6d74f3103548beba9622b0

  • SHA1

    6fefd8e9274cd796e4f6ab9a76d1791afac85582

  • SHA256

    709e9565a7a9fc8949bc6eee3335c4b5247e52f5ccae06af9046990bc9561545

  • SHA512

    21a7394bd435127d7c62a4ea26373617dea2465409393ec14b227b13e2f0c3c0eab39cf06d22aab476f4c96ab5479deaef66687a18755bbbd05473bc61f3b6a2

  • SSDEEP

    6144:4wnqO4OgaqP/MlH3aN5eDds5A/D8XG2MBuW4a/ViE2lPnT5sc7uVzmY:Dq7dnGqNSR/ygus/gNT6cqZ

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\709e9565a7a9fc8949bc6eee3335c4b5247e52f5ccae06af9046990bc9561545N.exe
    "C:\Users\Admin\AppData\Local\Temp\709e9565a7a9fc8949bc6eee3335c4b5247e52f5ccae06af9046990bc9561545N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2348
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {E7A41AF3-B7D5-4CF7-9343-7ECCBA80C428} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\PROGRA~3\Mozilla\vuhvodg.exe
      C:\PROGRA~3\Mozilla\vuhvodg.exe -nwlnhvb
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:1644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\vuhvodg.exe
    Filesize

    230KB

    MD5

    3174e56749d4961149f92025887d6520

    SHA1

    6fe029649beeb3bec47da204b8cb247d247c660d

    SHA256

    dc6e2d7552821b18b70c7ac268482e76b7fed57604656cbb57c5cab5379e18c6

    SHA512

    dc52a989d83502cb2508b5de3e11042fbc9028da2a163798c120601e8009106f559e1e5fcf2e48af0e59ea7d4356ce1a558f092a9c7ec720dfc4c11eac37159b

    Download Submit

  • memory/1644-11-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1644-12-0x0000000000D80000-0x0000000000DDB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/1644-18-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2348-0-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2348-1-0x0000000000790000-0x00000000007EB000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2348-8-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download