Analysis

  • max time kernel
    152s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/10/2022, 06:34

General

  • Target

    6a07a50a8246f502cc6130118fff6d79904e0bf4da52908cf24163e438c9133e.exe

  • Size

    80KB

  • MD5

    627dd49873ed6be09a82af987a00cbb0

  • SHA1

    bbcf3805374046a6d14c62e1b27056ab950a02f9

  • SHA256

    6a07a50a8246f502cc6130118fff6d79904e0bf4da52908cf24163e438c9133e

  • SHA512

    893336c000dc7ae0e0d35dc91aea68b901cdf5d06c7d21ab728e0e6017855bac6397c22a47c68f6d4bd0c7e8713661a065df9f7ca4afbcf6df4f305ed865cfb2

  • SSDEEP

    1536:TW7wLCvKGlTGQxguIxZTATocTzFJ0T72Vpkc:aoCvrKxZ8BTzFJ0T72wc

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 29 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a07a50a8246f502cc6130118fff6d79904e0bf4da52908cf24163e438c9133e.exe
    "C:\Users\Admin\AppData\Local\Temp\6a07a50a8246f502cc6130118fff6d79904e0bf4da52908cf24163e438c9133e.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Users\Admin\vuifob.exe
      "C:\Users\Admin\vuifob.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1636

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\vuifob.exe

    Filesize

    80KB

    MD5

    10d05f59d97189097632518718c3060a

    SHA1

    adc8b1c777a50087074b49e6f1d9ffef1b03df92

    SHA256

    f68d78ec6bbead796e0f80f299112ec5e2a4a4de419cc2d3832b5f9b15acefec

    SHA512

    7dc1fd0d5448d559b030a8a14ff01fb3aef6451e8c52781b0aa65674543761e3d79669d400812a376ef9a6da8c35b2f882842b969589005079eb7d51a49bda43

  • \Users\Admin\vuifob.exe

    Filesize

    80KB

    MD5

    10d05f59d97189097632518718c3060a

    SHA1

    adc8b1c777a50087074b49e6f1d9ffef1b03df92

    SHA256

    f68d78ec6bbead796e0f80f299112ec5e2a4a4de419cc2d3832b5f9b15acefec

    SHA512

    7dc1fd0d5448d559b030a8a14ff01fb3aef6451e8c52781b0aa65674543761e3d79669d400812a376ef9a6da8c35b2f882842b969589005079eb7d51a49bda43

  • memory/1988-56-0x00000000761F1000-0x00000000761F3000-memory.dmp

    Filesize

    8KB