Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

d064228c41...db.exe

windows7-x64

10

d064228c41...db.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    52s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 23:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d064228c4138fbebb897dd0d74a69450ae58f1240ac9a33be7bb8e211f87a7db.exe

  • Size

    316KB

  • MD5

    8aa3ee839270cb28d05534f3fd5721d2

  • SHA1

    be496410a16b7bd22d04c5234cfb10c0f00c3514

  • SHA256

    d064228c4138fbebb897dd0d74a69450ae58f1240ac9a33be7bb8e211f87a7db

  • SHA512

    52ef0db49cdf4a3e2f43d910e170afdb12568a8d31f6c6a7987b7d99730983e99e744f2d3c80e8efed20ed57986d0eb57a2836a6a270cd4f5aebae0178ba82b0

  • SSDEEP

    3072:VZJwhpF3SpWufu/muESamFi5eLb532qRgzqRe/aT4E1KZnBmaNtDvJRZ8Ng0ykdi:VZ43jb532qRmqRe/aT4EYDmaNtNRKNi

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d064228c4138fbebb897dd0d74a69450ae58f1240ac9a33be7bb8e211f87a7db.exe
    "C:\Users\Admin\AppData\Local\Temp\d064228c4138fbebb897dd0d74a69450ae58f1240ac9a33be7bb8e211f87a7db.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:364
    • C:\Users\Admin\koeafi.exe
      "C:\Users\Admin\koeafi.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1868

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\koeafi.exe
    Filesize

    316KB

    MD5

    709c8dff4f21aa188fb7ef4eaf00ce63

    SHA1

    4d094a1851cae643638b280b4a094874959e8754

    SHA256

    968dfe6e4cde87200a59efe818ee54290f0d45969bbb6eb853b3453b99d3248f

    SHA512

    eb0e69bbb59bb5073f5b60a56ce1ba72d74046912787b63dcc7ab9433b7fe60ae2d7e103dea3e87f36e3b04d7ff7f2a0109f797723a75e61e7d47ea0de8d3e48

    Download Submit

  • C:\Users\Admin\koeafi.exe
    Filesize

    316KB

    MD5

    709c8dff4f21aa188fb7ef4eaf00ce63

    SHA1

    4d094a1851cae643638b280b4a094874959e8754

    SHA256

    968dfe6e4cde87200a59efe818ee54290f0d45969bbb6eb853b3453b99d3248f

    SHA512

    eb0e69bbb59bb5073f5b60a56ce1ba72d74046912787b63dcc7ab9433b7fe60ae2d7e103dea3e87f36e3b04d7ff7f2a0109f797723a75e61e7d47ea0de8d3e48

    Download Submit

  • \Users\Admin\koeafi.exe
    Filesize

    316KB

    MD5

    709c8dff4f21aa188fb7ef4eaf00ce63

    SHA1

    4d094a1851cae643638b280b4a094874959e8754

    SHA256

    968dfe6e4cde87200a59efe818ee54290f0d45969bbb6eb853b3453b99d3248f

    SHA512

    eb0e69bbb59bb5073f5b60a56ce1ba72d74046912787b63dcc7ab9433b7fe60ae2d7e103dea3e87f36e3b04d7ff7f2a0109f797723a75e61e7d47ea0de8d3e48

    Download Submit

  • \Users\Admin\koeafi.exe
    Filesize

    316KB

    MD5

    709c8dff4f21aa188fb7ef4eaf00ce63

    SHA1

    4d094a1851cae643638b280b4a094874959e8754

    SHA256

    968dfe6e4cde87200a59efe818ee54290f0d45969bbb6eb853b3453b99d3248f

    SHA512

    eb0e69bbb59bb5073f5b60a56ce1ba72d74046912787b63dcc7ab9433b7fe60ae2d7e103dea3e87f36e3b04d7ff7f2a0109f797723a75e61e7d47ea0de8d3e48

    Download Submit

  • memory/364-56-0x0000000076681000-0x0000000076683000-memory.dmp

    Filesize

    8KB

    Download