Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1a2ff88264...e6.exe

windows7-x64

10

1a2ff88264...e6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a2ff88264bfa46ac009b8c486798fcaac6c8c4cf81d90c49b13befb35413fe6.exe

  • Size

    288KB

  • MD5

    0884a45ae5ab712cd28c3271b3ad9169

  • SHA1

    b0e572028d7c6acf1029be26d4822a5315f6a5a6

  • SHA256

    1a2ff88264bfa46ac009b8c486798fcaac6c8c4cf81d90c49b13befb35413fe6

  • SHA512

    6d2ec3b13777c4bb714a91a2340fd5fd43ecd755b27b7d5f1b1a4a65453defe46de396d7b04093aec2d0595d3d4bcfa97ef94a524dda7359fb4416944a187523

  • SSDEEP

    6144:BQRiNvbGuOdn9Z/QmO6Ckobf3fGCmahGkUutt:ZNvbGuYnXQmO6Ckobf3fGCmah7Uu

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 54 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a2ff88264bfa46ac009b8c486798fcaac6c8c4cf81d90c49b13befb35413fe6.exe
    "C:\Users\Admin\AppData\Local\Temp\1a2ff88264bfa46ac009b8c486798fcaac6c8c4cf81d90c49b13befb35413fe6.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Users\Admin\duapej.exe
      "C:\Users\Admin\duapej.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1696

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\duapej.exe
    Filesize

    288KB

    MD5

    11914891152c7560a70cffba0a472d40

    SHA1

    b265fcfe871be82e0144c0d965e6eb88580847bc

    SHA256

    7c07d1b59fc357422e0a67f14f5c77edda6733c7793fcd9e77da46b9689cf950

    SHA512

    b0ab6d898b9b10eaa12430edb39921c1ef82a3f20ae1334566feba0154945e808d02e7d6d7a8ae67a274a3a958753ca82dd1d32debd60a028aeff71958831352

    Download Submit

  • C:\Users\Admin\duapej.exe
    Filesize

    288KB

    MD5

    11914891152c7560a70cffba0a472d40

    SHA1

    b265fcfe871be82e0144c0d965e6eb88580847bc

    SHA256

    7c07d1b59fc357422e0a67f14f5c77edda6733c7793fcd9e77da46b9689cf950

    SHA512

    b0ab6d898b9b10eaa12430edb39921c1ef82a3f20ae1334566feba0154945e808d02e7d6d7a8ae67a274a3a958753ca82dd1d32debd60a028aeff71958831352

    Download Submit

  • \Users\Admin\duapej.exe
    Filesize

    288KB

    MD5

    11914891152c7560a70cffba0a472d40

    SHA1

    b265fcfe871be82e0144c0d965e6eb88580847bc

    SHA256

    7c07d1b59fc357422e0a67f14f5c77edda6733c7793fcd9e77da46b9689cf950

    SHA512

    b0ab6d898b9b10eaa12430edb39921c1ef82a3f20ae1334566feba0154945e808d02e7d6d7a8ae67a274a3a958753ca82dd1d32debd60a028aeff71958831352

    Download Submit

  • \Users\Admin\duapej.exe
    Filesize

    288KB

    MD5

    11914891152c7560a70cffba0a472d40

    SHA1

    b265fcfe871be82e0144c0d965e6eb88580847bc

    SHA256

    7c07d1b59fc357422e0a67f14f5c77edda6733c7793fcd9e77da46b9689cf950

    SHA512

    b0ab6d898b9b10eaa12430edb39921c1ef82a3f20ae1334566feba0154945e808d02e7d6d7a8ae67a274a3a958753ca82dd1d32debd60a028aeff71958831352

    Download Submit

  • memory/1048-56-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/1048-57-0x0000000076171000-0x0000000076173000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1048-65-0x0000000002A60000-0x0000000002ABA000-memory.dmp

    Filesize

    360KB

    Download

  • memory/1048-68-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/1696-66-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/1696-69-0x0000000000400000-0x000000000045A000-memory.dmp

    Filesize

    360KB

    Download