Analysis

  • max time kernel
    120s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/01/2025, 09:15

General

  • Target

    71a808e07d3392bc04529c4bd24b369e9a411e1b27e30cd83eaaefa7b0afbd46N.exe

  • Size

    135KB

  • MD5

    5266d8ea97ed0539fc9b5a8d0c423ad0

  • SHA1

    98a16b5a9cd2083218be383dc110251b11913e06

  • SHA256

    71a808e07d3392bc04529c4bd24b369e9a411e1b27e30cd83eaaefa7b0afbd46

  • SHA512

    d7e21b7bd9a43b6293c2626a1d2d8ba2e00aeb9edec671916e4bf34a453174c376d5e15cb00a8eb4c6bb31f11573799aa2c8f6c5753b75a455cbc3afcd2ede60

  • SSDEEP

    1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVLv6w:UVqoCl/YgjxEufVU0TbTyDDalpv6w

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71a808e07d3392bc04529c4bd24b369e9a411e1b27e30cd83eaaefa7b0afbd46N.exe
    "C:\Users\Admin\AppData\Local\Temp\71a808e07d3392bc04529c4bd24b369e9a411e1b27e30cd83eaaefa7b0afbd46N.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:848
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2268
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4820
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visibility of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4592
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:4868

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Resources\Themes\explorer.exe

    Filesize

    135KB

    MD5

    b5b5d598010068b93e7a043757810495

    SHA1

    6eb6226fce8736ba5c25177ddb0d008e58cdbc96

    SHA256

    bc487b2d1809f8a38de2fb77c91628302c6e67ff7e48db68418e47e551f8dbca

    SHA512

    96ba857c3977d3ae4a7b9f9baa0b756882b1c94723e1e6c0bdd2afeb35d42220232f7e1a363fc88ae2b99ab9edead1d62f651694fc1986a708068d106b59b55c

  • C:\Windows\Resources\spoolsv.exe

    Filesize

    135KB

    MD5

    7dcfaeb78c503f2bedacfa5a63c3e08f

    SHA1

    f667fd3efca63e6250999c960dbc3fd032125e1b

    SHA256

    edd0f4516919288c5a109631f3a8a60012b9fa9182154ee8e0e7e9290825f21e

    SHA512

    f93e0a79e8ecc48b8cfa9068e50aceb3b97a67fe115ca4d93fad6dd87b9d7c32297151d76e0c1a8b0d0edbc5047107234ec52f8882fc6d6ec01d153928c276a1

  • C:\Windows\Resources\svchost.exe

    Filesize

    135KB

    MD5

    b6a5682f8e2dfa8bcbafd387c42ec728

    SHA1

    e121b53e542ca70d8b31aa6a153e0cf7ce7b711e

    SHA256

    21a0d9166df2c4b1fb05ce40063e37e22f4cb13878a7668536cb1992b02a8fe6

    SHA512

    5a7739567ae44e2626ace1ea879c1565961461d867989685eb7edfdb2481920df05e831c11005189cd722ab60adc44a40d4bc2ea54dfd7865dcf42863b9738aa

  • memory/848-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/848-35-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/2268-36-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4592-37-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4820-34-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4868-29-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/4868-33-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB