Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    151s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    07/12/2022, 03:05

General

  • Target

    3312c2e56d4e8e0bfd2cc78fa1b38c2954d360a473858d8b3e08ebe355278a69.exe

  • Size

    176KB

  • MD5

    60705b6e4ee220477320bcf4111c1830

  • SHA1

    d6a1c4f31414c55f2171c4d766d600ba96a307fb

  • SHA256

    3312c2e56d4e8e0bfd2cc78fa1b38c2954d360a473858d8b3e08ebe355278a69

  • SHA512

    f81dba47198250c02dfbe93bbf45f062ebd5e69a8e8da878994178232035f5237be640ad44c9e9954e87f5dcb833d6cc4133b3e3c708014ae0e84bd679004844

  • SSDEEP

    3072:yfRNa4/jynvgWK/fObT/bGiSEIGsbv0OpxYTNPybtDKvS3i:ujG3K/fObT/bGiSE5sj3xYTNPybtDKv9

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 43 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3312c2e56d4e8e0bfd2cc78fa1b38c2954d360a473858d8b3e08ebe355278a69.exe
    "C:\Users\Admin\AppData\Local\Temp\3312c2e56d4e8e0bfd2cc78fa1b38c2954d360a473858d8b3e08ebe355278a69.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:832
    • C:\Users\Admin\moika.exe
      "C:\Users\Admin\moika.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1712

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\moika.exe

    Filesize

    176KB

    MD5

    37db4442978620234a482cec220fe7c5

    SHA1

    28e7494178a7c665f42c733e847677f733c39e7e

    SHA256

    0202fd0f489b9c22e2f267a2e29c0df65b9e9b7c0d721d6e6efcd32bda5143e8

    SHA512

    16326e6244329d9ad0c3f309ab6531ac48a8b1a439e45258a16eeaf99c72b79543acb42a1ea1067c692821f61c6df20b91238533044d3f28fcbacc113ccdabc8

  • C:\Users\Admin\moika.exe

    Filesize

    176KB

    MD5

    37db4442978620234a482cec220fe7c5

    SHA1

    28e7494178a7c665f42c733e847677f733c39e7e

    SHA256

    0202fd0f489b9c22e2f267a2e29c0df65b9e9b7c0d721d6e6efcd32bda5143e8

    SHA512

    16326e6244329d9ad0c3f309ab6531ac48a8b1a439e45258a16eeaf99c72b79543acb42a1ea1067c692821f61c6df20b91238533044d3f28fcbacc113ccdabc8

  • \Users\Admin\moika.exe

    Filesize

    176KB

    MD5

    37db4442978620234a482cec220fe7c5

    SHA1

    28e7494178a7c665f42c733e847677f733c39e7e

    SHA256

    0202fd0f489b9c22e2f267a2e29c0df65b9e9b7c0d721d6e6efcd32bda5143e8

    SHA512

    16326e6244329d9ad0c3f309ab6531ac48a8b1a439e45258a16eeaf99c72b79543acb42a1ea1067c692821f61c6df20b91238533044d3f28fcbacc113ccdabc8

  • \Users\Admin\moika.exe

    Filesize

    176KB

    MD5

    37db4442978620234a482cec220fe7c5

    SHA1

    28e7494178a7c665f42c733e847677f733c39e7e

    SHA256

    0202fd0f489b9c22e2f267a2e29c0df65b9e9b7c0d721d6e6efcd32bda5143e8

    SHA512

    16326e6244329d9ad0c3f309ab6531ac48a8b1a439e45258a16eeaf99c72b79543acb42a1ea1067c692821f61c6df20b91238533044d3f28fcbacc113ccdabc8

  • memory/832-56-0x0000000075291000-0x0000000075293000-memory.dmp

    Filesize

    8KB