Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

0853e3768a...7b.exe

windows7-x64

10

0853e3768a...7b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0853e3768a9c5d8eacc4b15111a52e3ed7dbe6ef613e9898e8fe985cf54d8f7b.exe

  • Size

    172KB

  • MD5

    912c02154770a89406d23ed4bd75e759

  • SHA1

    ecfd448f752ae9d68c1e6b59fe8eb001f9b8343b

  • SHA256

    0853e3768a9c5d8eacc4b15111a52e3ed7dbe6ef613e9898e8fe985cf54d8f7b

  • SHA512

    6557e3f315374d92de2736c48d7e465c9eb0e9678d4919dba4b8156f7acda0df7ec8fff67539c2c0c5bc3404ed2b255a6592204a774185d46af83e1cbe8f8b12

  • SSDEEP

    3072:LjP8K39eB8R8oSx/mOEAFIFR7N3ims2+9AhLOG7GQiCLMt8Xq/WL8mger:LD8q9hR8oSx/mOEAFIFR7NHl++hLOG7b

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0853e3768a9c5d8eacc4b15111a52e3ed7dbe6ef613e9898e8fe985cf54d8f7b.exe
    "C:\Users\Admin\AppData\Local\Temp\0853e3768a9c5d8eacc4b15111a52e3ed7dbe6ef613e9898e8fe985cf54d8f7b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Users\Admin\fjkuaf.exe
      "C:\Users\Admin\fjkuaf.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1744

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\fjkuaf.exe
    Filesize

    172KB

    MD5

    7e52147d5c1310f2cd653a1197b392e1

    SHA1

    e79640444a0d670d30ec885aa8c8935b61203982

    SHA256

    bba441970ba19b39678dcf38b538437e47e777f9f4c4cc6ca6c800eb997bf6e1

    SHA512

    95a72083f0e15e32e01fdf3d998bcebef156f762951205073f668bb9eb92f387b4c365c126bdb08ad5369aad1f5cbc509717846252d1030e9e8ee15d437a6ee9

    Download Submit

  • C:\Users\Admin\fjkuaf.exe
    Filesize

    172KB

    MD5

    7e52147d5c1310f2cd653a1197b392e1

    SHA1

    e79640444a0d670d30ec885aa8c8935b61203982

    SHA256

    bba441970ba19b39678dcf38b538437e47e777f9f4c4cc6ca6c800eb997bf6e1

    SHA512

    95a72083f0e15e32e01fdf3d998bcebef156f762951205073f668bb9eb92f387b4c365c126bdb08ad5369aad1f5cbc509717846252d1030e9e8ee15d437a6ee9

    Download Submit

  • \Users\Admin\fjkuaf.exe
    Filesize

    172KB

    MD5

    7e52147d5c1310f2cd653a1197b392e1

    SHA1

    e79640444a0d670d30ec885aa8c8935b61203982

    SHA256

    bba441970ba19b39678dcf38b538437e47e777f9f4c4cc6ca6c800eb997bf6e1

    SHA512

    95a72083f0e15e32e01fdf3d998bcebef156f762951205073f668bb9eb92f387b4c365c126bdb08ad5369aad1f5cbc509717846252d1030e9e8ee15d437a6ee9

    Download Submit

  • \Users\Admin\fjkuaf.exe
    Filesize

    172KB

    MD5

    7e52147d5c1310f2cd653a1197b392e1

    SHA1

    e79640444a0d670d30ec885aa8c8935b61203982

    SHA256

    bba441970ba19b39678dcf38b538437e47e777f9f4c4cc6ca6c800eb997bf6e1

    SHA512

    95a72083f0e15e32e01fdf3d998bcebef156f762951205073f668bb9eb92f387b4c365c126bdb08ad5369aad1f5cbc509717846252d1030e9e8ee15d437a6ee9

    Download Submit

  • memory/1996-56-0x0000000075281000-0x0000000075283000-memory.dmp

    Filesize

    8KB

    Download