Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

818c25dead...74.exe

windows7-x64

7

818c25dead...74.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/10/2022, 18:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    818c25dead553315d6a57090b13cc151a56a257cbf38009ec331a8f8a6b96474.exe

  • Size

    1.5MB

  • MD5

    6526fce1e0dae913d23d5d3cdfe490bb

  • SHA1

    61735bdc0cacf7ae63d7476a1d9884b0520cbea2

  • SHA256

    818c25dead553315d6a57090b13cc151a56a257cbf38009ec331a8f8a6b96474

  • SHA512

    a28a1a9830f0e4d7d3306dc5ed8693c8984e7c04e02760dc4ad9edcf1f22e42bcb8b5f1c09571a920fb99fb6f9d1a2c1c48a76a404bb6db8ca069cc7770a9144

  • SSDEEP

    24576:Vx8RRrFbKWdSScnVesdIDCdrG5y7pMOoj8cUnDdr6Py4qfS:VyRhdSoswC8ARojCV/S

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\818c25dead553315d6a57090b13cc151a56a257cbf38009ec331a8f8a6b96474.exe
    "C:\Users\Admin\AppData\Local\Temp\818c25dead553315d6a57090b13cc151a56a257cbf38009ec331a8f8a6b96474.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    PID:4864

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\KoalCertCtl.ocx
    Filesize

    395KB

    MD5

    c9ad6129a6300c8ba85097846de8fcaa

    SHA1

    449d4913b2c61357c6e05373bd3b2517915cd641

    SHA256

    ec4f39f69a961d16cf9ac7b2e31ebd7b775fe72d6dd20270d45ab3e698f23e21

    SHA512

    d1ee5bea9b909896d2c71274841114b2e769184790be519a16da7670d33a46fd2b5db185dbdafcc0c8a0f0b45b1d1806450f9cdbd23f2063cf683f040de59e6c

    Download Submit

  • C:\Windows\SysWOW64\KoalCspWrapper.ocx
    Filesize

    338KB

    MD5

    c1246be1af02577db6e8a0a35a508072

    SHA1

    2e13246248fe1dece8571787ddfeeae8a13bcde2

    SHA256

    13615176e69563ab8f136eef911f07b55533151b6593fe855863d37fcb8dd340

    SHA512

    7162b3bfdce475357aeb67ce12308774647b0aef355f61827ad80af1b16d09e0c3746caa526020b0f8438a232c480a12e201924b990cda49b7525c187a1d10a2

    Download Submit

  • memory/4864-132-0x0000000000400000-0x000000000044D000-memory.dmp

    Filesize

    308KB

    Download

  • memory/4864-134-0x0000000000400000-0x000000000044D000-memory.dmp

    Filesize

    308KB

    Download

  • memory/4864-135-0x0000000000400000-0x000000000044D000-memory.dmp

    Filesize

    308KB

    Download

  • memory/4864-138-0x0000000000400000-0x000000000044D000-memory.dmp

    Filesize

    308KB

    Download