Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

df7f924bc4...84.exe

windows7-x64

10

df7f924bc4...84.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df7f924bc4e2b8c06c58c81bb3c787f065dadf17cacce9dc51c5432c8d3e7d84.exe

  • Size

    256KB

  • MD5

    a0974491d06a1f058b1e3176724f5d32

  • SHA1

    2b50fe4bb4df8247f3a5083c0f86f8424a63e03e

  • SHA256

    df7f924bc4e2b8c06c58c81bb3c787f065dadf17cacce9dc51c5432c8d3e7d84

  • SHA512

    83bc0be99fe96b10109a0520db012c7fd6fcaab7baecadb0e7aad5b18f6699855e53d8f8e48ef0f0a79ce58dff64aea0139c9c5825766a14010296d33a17c0ce

  • SSDEEP

    6144:BiGDh4jLt4NVcWgyGELwXiS8T+bbhn7aRjS5ZgXbG:AGWntWyD1LiS8lS5Zi

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df7f924bc4e2b8c06c58c81bb3c787f065dadf17cacce9dc51c5432c8d3e7d84.exe
    "C:\Users\Admin\AppData\Local\Temp\df7f924bc4e2b8c06c58c81bb3c787f065dadf17cacce9dc51c5432c8d3e7d84.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Users\Admin\laohok.exe
      "C:\Users\Admin\laohok.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2020

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\laohok.exe
    Filesize

    256KB

    MD5

    7757a93811db6dc903c8ffba17910107

    SHA1

    e7c03cd3309aad8f7360ee4c841273e3a60e526c

    SHA256

    cf00f8a5866154d90067fc755e201dbc7fe4aa1c7a49f5e7e0b398ab4ade7eca

    SHA512

    b516cbcf1f5e7b29c837d1693fb3e0c7125f93cef6cf9e8e4971b6a1dfe43411813fd496d183401ae9bde611eed4e6a25184ef8de3e8736fb9b96470bc8c9a09

    Download Submit

  • C:\Users\Admin\laohok.exe
    Filesize

    256KB

    MD5

    7757a93811db6dc903c8ffba17910107

    SHA1

    e7c03cd3309aad8f7360ee4c841273e3a60e526c

    SHA256

    cf00f8a5866154d90067fc755e201dbc7fe4aa1c7a49f5e7e0b398ab4ade7eca

    SHA512

    b516cbcf1f5e7b29c837d1693fb3e0c7125f93cef6cf9e8e4971b6a1dfe43411813fd496d183401ae9bde611eed4e6a25184ef8de3e8736fb9b96470bc8c9a09

    Download Submit

  • \Users\Admin\laohok.exe
    Filesize

    256KB

    MD5

    7757a93811db6dc903c8ffba17910107

    SHA1

    e7c03cd3309aad8f7360ee4c841273e3a60e526c

    SHA256

    cf00f8a5866154d90067fc755e201dbc7fe4aa1c7a49f5e7e0b398ab4ade7eca

    SHA512

    b516cbcf1f5e7b29c837d1693fb3e0c7125f93cef6cf9e8e4971b6a1dfe43411813fd496d183401ae9bde611eed4e6a25184ef8de3e8736fb9b96470bc8c9a09

    Download Submit

  • \Users\Admin\laohok.exe
    Filesize

    256KB

    MD5

    7757a93811db6dc903c8ffba17910107

    SHA1

    e7c03cd3309aad8f7360ee4c841273e3a60e526c

    SHA256

    cf00f8a5866154d90067fc755e201dbc7fe4aa1c7a49f5e7e0b398ab4ade7eca

    SHA512

    b516cbcf1f5e7b29c837d1693fb3e0c7125f93cef6cf9e8e4971b6a1dfe43411813fd496d183401ae9bde611eed4e6a25184ef8de3e8736fb9b96470bc8c9a09

    Download Submit

  • memory/1988-70-0x0000000002DD0000-0x0000000002E23000-memory.dmp

    Filesize

    332KB

    Download

  • memory/1988-57-0x0000000075911000-0x0000000075913000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1988-55-0x0000000000400000-0x0000000000453000-memory.dmp

    Filesize

    332KB

    Download

  • memory/1988-65-0x0000000002DD0000-0x0000000002E23000-memory.dmp

    Filesize

    332KB

    Download

  • memory/1988-66-0x0000000002DD0000-0x0000000002E23000-memory.dmp

    Filesize

    332KB

    Download

  • memory/1988-71-0x0000000002DD0000-0x0000000002E23000-memory.dmp

    Filesize

    332KB

    Download

  • memory/1988-69-0x0000000000400000-0x0000000000453000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2020-67-0x0000000000400000-0x0000000000453000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2020-72-0x0000000000400000-0x0000000000453000-memory.dmp

    Filesize

    332KB

    Download