Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

Backdoor.W...on.exe

windows7-x64

8

Backdoor.W...on.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    116s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 18:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Backdoor.Win32.Hupigon.exe

  • Size

    613KB

  • MD5

    03c4dbf772380a46f0d71795e1ce6bf2

  • SHA1

    8366bc0858d21f07573b08de57d662a2a1a24c51

  • SHA256

    ed125acd9eaf97bc0fd455dd4eb257cfa662c4b96024d03678ddb35db035373b

  • SHA512

    251343fd85a4538aee24628a84662badd0d61bf38ffa8d239e21b74043805b18e5ebfd6a71070f8dcb7242ad1bb5456b2f7f50a1ca585e8a308656f88c9e2351

  • SSDEEP

    12288:jKFa0zkNhGNnoOx7Tz98HtoIUAtF3Z4mxxnDqVTVOCkEXW:jKjkN4iqXzyOmQmX2VTzkn

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 9 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Backdoor.Win32.Hupigon.exe
    "C:\Users\Admin\AppData\Local\Temp\Backdoor.Win32.Hupigon.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Delete.bat
      2⤵
      • Deletes itself
      PID:1704
  • C:\Windows\twunk_64.exe
    C:\Windows\twunk_64.exe
    1⤵
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1788
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:1720
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x40c
      1⤵
        PID:1496

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\Delete.bat
        Filesize

        166B

        MD5

        48b3de545aa164eacb2eb266c381deab

        SHA1

        aeae04d954b94fcc90c432d3ed00116d846e420e

        SHA256

        6abee46232fe488bca9dc7f2162bb54b1001fd63f5e19c4cd6ec5ca0591134aa

        SHA512

        625fd497f9f110f23f1599630a2d372bfd460b46f8d09421a14b0bf03c2648bf126a0c11eb9d3829b2ea04c9e42df2cbf1609875778a7481028d7fdda0728d55

        Download Submit

      • C:\Windows\twunk_64.exe
        Filesize

        613KB

        MD5

        03c4dbf772380a46f0d71795e1ce6bf2

        SHA1

        8366bc0858d21f07573b08de57d662a2a1a24c51

        SHA256

        ed125acd9eaf97bc0fd455dd4eb257cfa662c4b96024d03678ddb35db035373b

        SHA512

        251343fd85a4538aee24628a84662badd0d61bf38ffa8d239e21b74043805b18e5ebfd6a71070f8dcb7242ad1bb5456b2f7f50a1ca585e8a308656f88c9e2351

        Download Submit

      • C:\Windows\twunk_64.exe
        Filesize

        613KB

        MD5

        03c4dbf772380a46f0d71795e1ce6bf2

        SHA1

        8366bc0858d21f07573b08de57d662a2a1a24c51

        SHA256

        ed125acd9eaf97bc0fd455dd4eb257cfa662c4b96024d03678ddb35db035373b

        SHA512

        251343fd85a4538aee24628a84662badd0d61bf38ffa8d239e21b74043805b18e5ebfd6a71070f8dcb7242ad1bb5456b2f7f50a1ca585e8a308656f88c9e2351

        Download Submit

      • memory/1060-55-0x0000000000400000-0x0000000000506000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/1060-58-0x0000000003280000-0x0000000003285000-memory.dmp

        Filesize

        20KB

        Download

      • memory/1060-57-0x0000000003290000-0x0000000003390000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-54-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1060-63-0x0000000000400000-0x0000000000506000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/1060-56-0x0000000000380000-0x00000000003D4000-memory.dmp

        Filesize

        336KB

        Download

      • memory/1788-65-0x0000000000400000-0x0000000000506000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/1788-66-0x0000000001D60000-0x0000000001DB4000-memory.dmp

        Filesize

        336KB

        Download

      • memory/1788-67-0x0000000003160000-0x0000000003165000-memory.dmp

        Filesize

        20KB

        Download

      • memory/1788-68-0x0000000000400000-0x0000000000506000-memory.dmp

        Filesize

        1.0MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.