Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

d130579dcc...c2.exe

windows7-x64

10

d130579dcc...c2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    172s
  • max time network
    77s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d130579dcc242543487c7e8bb03fa5f09cdf88c77ec70c680872fdf0e2d648c2.exe

  • Size

    128KB

  • MD5

    cd4e753034a975044e480b8428d30687

  • SHA1

    726a772f4cec923d28c920c161cea0d223adcf43

  • SHA256

    d130579dcc242543487c7e8bb03fa5f09cdf88c77ec70c680872fdf0e2d648c2

  • SHA512

    dffdc6c276a443e4b170d2e21ddcfe4c67c5eec6a8e9bc6dff35bb9c2f6605fe3678d71701de33aa5590612d9142d19398600a15287f034b39d02634e8df9629

  • SSDEEP

    3072:eDyjSDvi4wwDCXcsTlyrGn8Dq7E0zQL16Yirqn5zd32C:ktwwDMpErGnWq7E0zQL3i2n5zd

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 29 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d130579dcc242543487c7e8bb03fa5f09cdf88c77ec70c680872fdf0e2d648c2.exe
    "C:\Users\Admin\AppData\Local\Temp\d130579dcc242543487c7e8bb03fa5f09cdf88c77ec70c680872fdf0e2d648c2.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\mioqo.exe
      "C:\Users\Admin\mioqo.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1856

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\mioqo.exe
    Filesize

    128KB

    MD5

    e4578ba8a3f0a0b9ac714685097c4604

    SHA1

    19b481d7a2acb0920e69ec54fe07090a929e9c3a

    SHA256

    955813b18245f17d9c60b027e22d763763ebcbcbe65869a7f8174c11fc592b63

    SHA512

    a131fa8344247320e2f4104fa9eef705702909ed795696331aa12807839dfc8f93b8846d4a15dccb567490b35ce0542b1c551acae5a8c79d51a2c2328d821e86

    Download Submit

  • C:\Users\Admin\mioqo.exe
    Filesize

    128KB

    MD5

    e4578ba8a3f0a0b9ac714685097c4604

    SHA1

    19b481d7a2acb0920e69ec54fe07090a929e9c3a

    SHA256

    955813b18245f17d9c60b027e22d763763ebcbcbe65869a7f8174c11fc592b63

    SHA512

    a131fa8344247320e2f4104fa9eef705702909ed795696331aa12807839dfc8f93b8846d4a15dccb567490b35ce0542b1c551acae5a8c79d51a2c2328d821e86

    Download Submit

  • \Users\Admin\mioqo.exe
    Filesize

    128KB

    MD5

    e4578ba8a3f0a0b9ac714685097c4604

    SHA1

    19b481d7a2acb0920e69ec54fe07090a929e9c3a

    SHA256

    955813b18245f17d9c60b027e22d763763ebcbcbe65869a7f8174c11fc592b63

    SHA512

    a131fa8344247320e2f4104fa9eef705702909ed795696331aa12807839dfc8f93b8846d4a15dccb567490b35ce0542b1c551acae5a8c79d51a2c2328d821e86

    Download Submit

  • \Users\Admin\mioqo.exe
    Filesize

    128KB

    MD5

    e4578ba8a3f0a0b9ac714685097c4604

    SHA1

    19b481d7a2acb0920e69ec54fe07090a929e9c3a

    SHA256

    955813b18245f17d9c60b027e22d763763ebcbcbe65869a7f8174c11fc592b63

    SHA512

    a131fa8344247320e2f4104fa9eef705702909ed795696331aa12807839dfc8f93b8846d4a15dccb567490b35ce0542b1c551acae5a8c79d51a2c2328d821e86

    Download Submit

  • memory/1472-61-0x0000000002B90000-0x0000000002BBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1472-63-0x0000000002B90000-0x0000000002BBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1472-56-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1472-57-0x0000000074D61000-0x0000000074D63000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1472-68-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1472-70-0x0000000002B90000-0x0000000002BBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1472-71-0x0000000002B90000-0x0000000002BBA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1856-66-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1856-72-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download