Analysis

  • max time kernel
    150s
  • max time network
    81s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/10/2022, 20:06

General

  • Target

    593239d8f2e5e4915868caefd8479e87fd2d12a624aaffb816dc502baa0b772e.exe

  • Size

    256KB

  • MD5

    920381bd0eb7ae3ec91c37c95713a008

  • SHA1

    75eadb20c4ed4d9a5b7de85fd895b8e84975d2c8

  • SHA256

    593239d8f2e5e4915868caefd8479e87fd2d12a624aaffb816dc502baa0b772e

  • SHA512

    38d3f39be30762ff89b60997671509676bcd7e486c697cd5985270a3f46a2e99b8f249a6ef1dac75f9473913a7d6dcf55eba2ae0a423cd469c7b85aaf2bbedda

  • SSDEEP

    3072:k3ZVoe+Plp/nskpCUv5T79fzCC/M7BFsqMabeYiUDoZG/33ygot:yf2PlptNvl9fm0UBFsqMabeYiUDogvFg

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\593239d8f2e5e4915868caefd8479e87fd2d12a624aaffb816dc502baa0b772e.exe
    "C:\Users\Admin\AppData\Local\Temp\593239d8f2e5e4915868caefd8479e87fd2d12a624aaffb816dc502baa0b772e.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:992
    • C:\Users\Admin\duugae.exe
      "C:\Users\Admin\duugae.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1612

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\duugae.exe

    Filesize

    256KB

    MD5

    5285ce3f683316e499549332de775963

    SHA1

    bc664edec185b5632de62fb248d696da40d9076a

    SHA256

    636e81b442e4b649ce4ea9f1deed76a0f822e359861a523afca185fa972ad719

    SHA512

    32c043b2af8bea96f196a8c97287a73b9d90a739d3d16de6363c5c818fa4018fbbbd2c0ddde9e08dfd194b29c088f86d9ad1748f2cd0a34c92adfd4e4767183a

  • \Users\Admin\duugae.exe

    Filesize

    256KB

    MD5

    5285ce3f683316e499549332de775963

    SHA1

    bc664edec185b5632de62fb248d696da40d9076a

    SHA256

    636e81b442e4b649ce4ea9f1deed76a0f822e359861a523afca185fa972ad719

    SHA512

    32c043b2af8bea96f196a8c97287a73b9d90a739d3d16de6363c5c818fa4018fbbbd2c0ddde9e08dfd194b29c088f86d9ad1748f2cd0a34c92adfd4e4767183a

  • memory/992-56-0x0000000076561000-0x0000000076563000-memory.dmp

    Filesize

    8KB