Analysis

  • max time kernel
    169s
  • max time network
    177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/10/2022, 02:40

General

  • Target

    dce07bd6395faee9a0b36790e9c8e191deb2f87e24358b0c6dbdfaf8ec31150e.exe

  • Size

    148KB

  • MD5

    599fb8abee9f690a646a8cb71ff06cb0

  • SHA1

    f47ec693fb56832819184eebe477a7defe1bbc30

  • SHA256

    dce07bd6395faee9a0b36790e9c8e191deb2f87e24358b0c6dbdfaf8ec31150e

  • SHA512

    214656633f21b2eec9923e66d3fb97a0e512b03bf53ff8b4a33f3aa79261988417e4011de56e25b8b25c1487f7d5b73dacce894617633284b4aab1511b500529

  • SSDEEP

    1536:ho9LIOf4BlqPAKcxnX+PBcRlouQvSPouXZ6D6Jj5wl+dwCMZUbP7v2YhxYAZxZCZ:u2KalqPpy+Pco6ouZ68Kl+dnMZUbRi

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
  • Executes dropped EXE (1 IoC)
  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry; likely a geofence check.

  • Adds Run key to start application (2 TTPs, 29 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dce07bd6395faee9a0b36790e9c8e191deb2f87e24358b0c6dbdfaf8ec31150e.exe
    "C:\Users\Admin\AppData\Local\Temp\dce07bd6395faee9a0b36790e9c8e191deb2f87e24358b0c6dbdfaf8ec31150e.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4332
    • C:\Users\Admin\wueuza.exe
      "C:\Users\Admin\wueuza.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4292

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\wueuza.exe

    Filesize

    148KB

    MD5

    3e92ee377b1c708f9d498d86e794793a

    SHA1

    3165050730d77ac30f0c3f565a5c4af6e337aca4

    SHA256

    98e4b0dd7770df725f2e4a2489aa7c5ae1cd4d900d621b63db9d915b21a1f659

    SHA512

    9dcb6770411bcb191d4ca0f26633dc5c754200be5a803db02ee58ae1f7ba25ab558ffb30d114ec9c5e07799ca4a8da601b0504069701398ce25226d385887e3c
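The signatures, process tree and dropped-file hashes above give enough to hunt for this sample on a live Windows host. The script below is an added example written for this page, not tria.ge output and not part of the sample analysis. It assumes things the report does not state: the Run value name is not disclosed (only that 29 Run-key IoCs were recorded), so any Run value whose data mentions wueuza.exe is flagged; the Explorer hidden/system-file change is assumed to go through the usual HKCU\...\Explorer\Advanced 'Hidden' and 'ShowSuperHidden' values; and the geofence lookup is assumed to read HKCU\Control Panel\International\Geo\Nation. The dropped-file SHA256 is the one listed under Downloads.

```powershell
# Added hunt script (not part of the tria.ge report). Checks a live Windows host for
# this report's indicators. Run from an elevated PowerShell.
# Assumptions not stated in the report: Run value name unknown (flag any Run data that
# mentions wueuza.exe); Explorer visibility change assumed to use 'Hidden' and
# 'ShowSuperHidden'; geofence lookup assumed to read Geo\Nation.

function Invoke-ReportHunt {
    $droppedName   = 'wueuza.exe'
    $droppedSha256 = '98E4B0DD7770DF725F2E4A2489AA7C5AE1CD4D900D621B63DB9D915B21A1F659'
    $findings      = [System.Collections.Generic.List[string]]::new()

    # 1. Dropped payload: the report shows C:\Users\Admin\wueuza.exe (148KB). Search every
    #    profile root (-Force, since the sample hides files) and confirm by SHA256, not name.
    Get-ChildItem -Path 'C:\Users\*' -Filter $droppedName -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            if ($hash -eq $droppedSha256) {
                $findings.Add("MATCH  dropped payload, SHA256 verified: $($_.FullName)")
            } else {
                $findings.Add("CHECK  file named $droppedName with other hash $hash : $($_.FullName)")
            }
        }

    # 2. Run-key persistence (report: 'Adds Run key to start application').
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PowerShell's own metadata properties
            if ("$($p.Value)" -match [regex]::Escape($droppedName)) {
                $findings.Add("MATCH  Run value '$($p.Name)' in $key -> $($p.Value)")
            }
        }
    }

    # 3. A running instance of the dropped executable (the report's child process, PID 4292).
    Get-Process -Name ([IO.Path]::GetFileNameWithoutExtension($droppedName)) -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("MATCH  live process $($_.ProcessName) PID $($_.Id) path $($_.Path)") }

    # 4. Explorer visibility settings (assumed mechanism). Hidden=2 / ShowSuperHidden=0 are
    #    also the Windows defaults, so they are recorded for comparison with your baseline,
    #    not treated as proof of infection on their own.
    $adv = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
    if ($adv) {
        $findings.Add("INFO   Explorer Hidden=$($adv.Hidden) ShowSuperHidden=$($adv.ShowSuperHidden)")
    }

    # 5. Country code the sample is assumed to read for its geofence decision.
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    if ($geo) { $findings.Add("INFO   Geo\Nation=$($geo.Nation)") }

    return $findings
}

Invoke-ReportHunt | ForEach-Object { Write-Output $_ }
```

HKCU: only covers the user running the script; to sweep every profile on the box, load the other users' NTUSER.DAT hives (or query HKU:\<SID>\... for logged-on users) and repeat the Run-key and Explorer checks there. The name-based file search is deliberately broad: a re-packed variant of this sample would drop under the same name with a different hash, which is why the script reports a name match with a non-matching hash as CHECK rather than discarding it.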