Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

4c0a3da719...f0.exe

windows7-x64

10

4c0a3da719...f0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24/11/2022, 00:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0.exe

  • Size

    260KB

  • MD5

    349815881bc9147ffc26843be2939ff0

  • SHA1

    785f1230a94f7bb364fa713e402aeec31582a2ff

  • SHA256

    4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0

  • SHA512

    a111de01daa7e683f9042f46411bba9e255a7fefb3aa28e0c16aae5dd818621c537148d1ad384958d4879c600adc35457b79a4fc6f6139caefb75b276e3f1b81

  • SSDEEP

    6144:V4HtUUp7WQn6mr1R4bKLnXejKloO6JU1J7QnpXZ7Ta9kzU2/pn:VkJp6Qn6mr1R4bKLnXaKaO6O1JAptH

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0.exe
    "C:\Users\Admin\AppData\Local\Temp\4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Users\Admin\xeoujic.exe
      "C:\Users\Admin\xeoujic.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1160

Network

  • flag-unknown
    DNS
    ns1.player1532.com
    4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.player1532.com
    IN A
    Response
  • flag-unknown
    DNS
    ns1.videoall.org
    4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.videoall.org
    IN A
    Response
  • flag-unknown
    DNS
    ns1.videoall.net
    4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.videoall.net
    IN A
    Response
No results found
  • 8.8.8.8:53
    ns1.player1532.com
    dns
    4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0.exe
    64 B
     137 B
     1
    1

    DNS Request

    ns1.player1532.com

  • 8.8.8.8:53
    ns1.videoall.org
    dns
    4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0.exe
    62 B
     144 B
     1
    1

    DNS Request

    ns1.videoall.org

  • 8.8.8.8:53
    ns1.videoall.net
    dns
    4c0a3da7191ac24df28654d79ce018510ac7cba1d4137daabdea7eba01c5d5f0.exe
    62 B
     135 B
     1
    1

    DNS Request

    ns1.videoall.net

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\xeoujic.exe
    Filesize

    260KB

    MD5

    651516dd2f87004c736ac74768a89b4c

    SHA1

    197d7bfcd74939460b08d0154d4ff4a0606bc6b6

    SHA256

    a6391f1772cf5ba96cb906339710480462d448a9da0c34bdab2feb2386841646

    SHA512

    35f2b4d8b8ad7bedb1d9050578ee7c3da26e62753941f1d592d63c8c1ba720ddcd540907a58a888f07fd74618c51afa6960d3ea8ab4898cf3bd574b28fdcd79b

    Download Submit

  • C:\Users\Admin\xeoujic.exe
    Filesize

    260KB

    MD5

    651516dd2f87004c736ac74768a89b4c

    SHA1

    197d7bfcd74939460b08d0154d4ff4a0606bc6b6

    SHA256

    a6391f1772cf5ba96cb906339710480462d448a9da0c34bdab2feb2386841646

    SHA512

    35f2b4d8b8ad7bedb1d9050578ee7c3da26e62753941f1d592d63c8c1ba720ddcd540907a58a888f07fd74618c51afa6960d3ea8ab4898cf3bd574b28fdcd79b

    Download Submit

  • \Users\Admin\xeoujic.exe
    Filesize

    260KB

    MD5

    651516dd2f87004c736ac74768a89b4c

    SHA1

    197d7bfcd74939460b08d0154d4ff4a0606bc6b6

    SHA256

    a6391f1772cf5ba96cb906339710480462d448a9da0c34bdab2feb2386841646

    SHA512

    35f2b4d8b8ad7bedb1d9050578ee7c3da26e62753941f1d592d63c8c1ba720ddcd540907a58a888f07fd74618c51afa6960d3ea8ab4898cf3bd574b28fdcd79b

    Download Submit

  • \Users\Admin\xeoujic.exe
    Filesize

    260KB

    MD5

    651516dd2f87004c736ac74768a89b4c

    SHA1

    197d7bfcd74939460b08d0154d4ff4a0606bc6b6

    SHA256

    a6391f1772cf5ba96cb906339710480462d448a9da0c34bdab2feb2386841646

    SHA512

    35f2b4d8b8ad7bedb1d9050578ee7c3da26e62753941f1d592d63c8c1ba720ddcd540907a58a888f07fd74618c51afa6960d3ea8ab4898cf3bd574b28fdcd79b

    Download Submit

  • memory/1424-56-0x0000000076151000-0x0000000076153000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.