Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
23/01/2025, 22:41
General
-
Target
291e4de1f62cfee05878555f135b7af766380ea2dd26aa5f83857be003f4e8f3.exe
-
Size
1.6MB
-
MD5
9a3138d5ce3e61c287449846f24b344b
-
SHA1
742e8d5ed9e9e27c57a6af7dd98ed5e266d84b49
-
SHA256
291e4de1f62cfee05878555f135b7af766380ea2dd26aa5f83857be003f4e8f3
-
SHA512
80e37d370e7381660c5cb0e3573d580cd9c9f9590f2dce07d69b23d130946d1bde74335d2a70304db598031d6115515da0f9564ef5bfc24833d2c8063d41ecd9
-
SSDEEP
49152:KEuq6q6lI6aQClAOhlTcAhT4xqdLiI98zjSq6v:KFqClI6NClAOlTfhhdeI98/Mv
Malware Config
Signatures
-
Njrat family
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\291e4de1f62cfee05878555f135b7af766380ea2dd26aa5f83857be003f4e8f3.exe"C:\Users\Admin\AppData\Local\Temp\291e4de1f62cfee05878555f135b7af766380ea2dd26aa5f83857be003f4e8f3.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Payload(default)_protected.sfx.exe"C:\Users\Admin\AppData\Local\Temp\Payload(default)_protected.sfx.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Payload(default)_protected.exe"C:\Users\Admin\AppData\Local\Temp\Payload(default)_protected.exe"3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.0MB
MD5780f34e42cb0cd16a6f2866ea2567548
SHA11d89163b200d466292c40e47ac767ed0d88d0f8d
SHA256f95a8bcd73d648b0f8420d3a804b09eea7f6138ceed53b4ee0f24496a8b63fa5
SHA5126a67afb55bb4f08bf1862acf8ce150cdee0f57546cb85a370f1e7e9474a62d65200e603f3523ddb386c5336f21221cf600bcac5a9c8f710791dd8d27d4c79130
-
Filesize
1.4MB
MD53c112dcbdd4b04f9bbecdf5794238213
SHA15117feaaa8c2e9d2b3ab84f99a42987954c3d2b4
SHA2563181fd77967e0ae759aebeb1f65f6d879c6d4542326b48a500bc95b12fa3e013
SHA51251fd74e928618a1ab1b82c869fe00075274fc931f870ac67777044cef858afcf355c9249e95b6e45fc29ea821e4884264c8dfbf9bebfff67d1d17c0c1ae7db83
-
Filesize
64KB
-
Filesize
3.4MB
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
3.4MB
-
Filesize
5.7MB
-
Filesize
5.7MB