Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/10/2022, 19:48

General

  • Target

    66533f33348fddacce64c01cb02b1b86c41071c2b76fbd37dee82ea1a5f03fc8.exe

  • Size

    60KB

  • MD5

    911f4923d315d8b0770da00dcd0c4a80

  • SHA1

    cc2f023492b30d418ea9de753d4bef23232dca2e

  • SHA256

    66533f33348fddacce64c01cb02b1b86c41071c2b76fbd37dee82ea1a5f03fc8

  • SHA512

    a94e49d0a4361679225949185eb8547fdcdb579b9403fd443b0de2f311f8610325c07dd44c0d98aa9ca12d37415f19b33e05970d85356018772982f691922f49

  • SSDEEP

    768:0C3aY/MexaIPQQU6IUcSUBndFIR0NMRs2H06tF1etbw1o+d8sti:0ChMobuactndFa0NM7TtF1Sw1o+d1

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66533f33348fddacce64c01cb02b1b86c41071c2b76fbd37dee82ea1a5f03fc8.exe
    "C:\Users\Admin\AppData\Local\Temp\66533f33348fddacce64c01cb02b1b86c41071c2b76fbd37dee82ea1a5f03fc8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\Users\Admin\meeaneh.exe
      "C:\Users\Admin\meeaneh.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1792

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\meeaneh.exe

    Filesize

    60KB

    MD5

    3ddd76dadb49b1bf529240a2b0643264

    SHA1

    9b8dfacd362c7ca2e7b17c03ce7238b5bedb96b5

    SHA256

    d1065986def250a69c4786d32f0b216c09d5ac3c7763462a5cb71876c70327d4

    SHA512

    d7317db4bc803f93e1387cffccf089a9307e41339f69683ce338421fcf8430e708164624bd33fb9f558b47b8d99e228e33e78859cbdfbd3de004a9062b520bc5

  • \Users\Admin\meeaneh.exe

    Filesize

    60KB

    MD5

    3ddd76dadb49b1bf529240a2b0643264

    SHA1

    9b8dfacd362c7ca2e7b17c03ce7238b5bedb96b5

    SHA256

    d1065986def250a69c4786d32f0b216c09d5ac3c7763462a5cb71876c70327d4

    SHA512

    d7317db4bc803f93e1387cffccf089a9307e41339f69683ce338421fcf8430e708164624bd33fb9f558b47b8d99e228e33e78859cbdfbd3de004a9062b520bc5

  • memory/1148-56-0x0000000074C11000-0x0000000074C13000-memory.dmp

    Filesize

    8KB