Analysis

  • max time kernel
    157s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/10/2022, 23:17

General

  • Target

    96fe5acd0229bb1d5522eab6a868264dcc653a9a94161cd7418d0649d3f54cb5.exe

  • Size

    304KB

  • MD5

    5db5bd47665ad678e83ab42ac4fdea20

  • SHA1

    22ebfde845fcba04e0476ef8f6a1a0f5ccdc98e2

  • SHA256

    96fe5acd0229bb1d5522eab6a868264dcc653a9a94161cd7418d0649d3f54cb5

  • SHA512

    f1dc34267a9da47d695279fe14af96852ce15c6b543bc1132cc00dc847fd7c1a74108be9b7d05a7fbe591f96ab2a697c1f6761b8709a53570571af2e42f9d589

  • SSDEEP

    6144:OUrqA3AheuswyPnBTJVDyiM4bTir9dEcWe4IQvIBiDlUvtym9JbqoBZ5XbH9OFQ2:OUWA3AheuswyVDpYuu3Qw9vF9Jb9bH2

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 7 IoCs
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96fe5acd0229bb1d5522eab6a868264dcc653a9a94161cd7418d0649d3f54cb5.exe
    "C:\Users\Admin\AppData\Local\Temp\96fe5acd0229bb1d5522eab6a868264dcc653a9a94161cd7418d0649d3f54cb5.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Program Files (x86)\mjisaio\mjisaio.exe
      "C:\Program Files (x86)\mjisaio\mjisaio.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5000
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\mjisaio\nksoiio.bat""
        3⤵
          PID:4388

    Downloads

    • C:\Program Files (x86)\mjisaio\mjisaio.exe

      Filesize

      561KB

      MD5

      a078bdd2e09458d49ea4961052aa78f0

      SHA1

      6f4d76a8ef375ae1674592554c03e8160656bbe4

      SHA256

      5289686af0a135be243d937ebb47ca2952a5d55af8a0282480852c85b8df464f

      SHA512

      e7bb38f09c1b6980cb65392baf9171e2aaac804dc2dfbcc0664cd60b4adfee4dbaa0cf91ab5218972df49558909cc126ef09f0022b415d1c5e30ecf428a53a0d

    • C:\Program Files (x86)\mjisaio\nksoiio.bat

      Filesize

      128B

      MD5

      236d93fa241341a7f5fd0e5f8a332ade

      SHA1

      8394841686bfec31d318c4c9edd2adf0fbd961a2

      SHA256

      3eea30019b9d8363b9c20d687a702e7cd440ebae5e7c2ab4d5183e3f4c6b6569

      SHA512

      d022e179ade9e47b31c387da13a16770c210090cf2f9c25d5d2a27e6e17c2f96d8c9e3c374a65a4d154058bdc9b25128bd59094efd231b52b4289115eac495fa