Analysis
max time kernel: 150s
max time network: 153s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 06/07/2023, 13:13
Static task: static1
Behavioral task: behavioral1
  Sample: 2d4ae32e9e17a1exeexeexeex.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: 2d4ae32e9e17a1exeexeexeex.exe
  Resource: win10v2004-20230703-en
General
Target: 2d4ae32e9e17a1exeexeexeex.exe
Size: 55KB
MD5: 2d4ae32e9e17a1e4aadfe0b93ed93959
SHA1: 06b1c90ee8eae5f9b661ab0f23646a93eee93b49
SHA256: 6062cf0d703bd2c06f95a22e2c557df29ab41d45d438ce57ffbae4f1c6273612
SHA512: 3ef071a76d8fbca240fa05dd0dfef455f652b72077d176f6f852464daa3c4d7bba25630e548426e44a2b3cbe933c14087b65908e87f3c40c8596eb9999e0cebb
SSDEEP: 1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzp0ojjf:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7e
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid   process
  2372  hurok.exe
Loads dropped DLL (1 IoCs)
  pid   process
  2072  2d4ae32e9e17a1exeexeexeex.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of UnmapMainImage (2 IoCs)
  pid   process
  2072  2d4ae32e9e17a1exeexeexeex.exe
  2372  hurok.exe
Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   process                        procid_target
  PID 2072 wrote to memory of 2372  2072  2d4ae32e9e17a1exeexeexeex.exe  28
  PID 2072 wrote to memory of 2372  2072  2d4ae32e9e17a1exeexeexeex.exe  28
  PID 2072 wrote to memory of 2372  2072  2d4ae32e9e17a1exeexeexeex.exe  28
  PID 2072 wrote to memory of 2372  2072  2d4ae32e9e17a1exeexeexeex.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\2d4ae32e9e17a1exeexeexeex.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\2d4ae32e9e17a1exeexeexeex.exe"
  PID: 2072
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\hurok.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
    PID: 2372
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 55KB
MD5: 9eeeb142d443e13cd2355c0b808c2566
SHA1: 11f7e6ad720fcca46fbc49ea819af64e150595f1
SHA256: 678d2ed6f6e737fea67ad1c61e76f5d2aa42deca54e26dffb14da8a078ab8a49
SHA512: a226a9c7b47d34a9e1765d331f5bf965b5b51b642643da9aa1e33ab63c8918920befe493696c4cf3ad62cb9c0d4f61b46697e52eb151bd3af3ecbd4e46d5ba87