Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows7_x64
- resource: win7-20230705-en
- resource tags: arch:x64, arch:x86, image:win7-20230705-en, locale:en-us, os:windows7-x64, system
- submitted: 08/07/2023, 16:26
Static task
- static1
Behavioral task
- behavioral1
  Sample: 812ecd245c7309exeexeexeex.exe
  Resource: win7-20230705-en
Behavioral task
- behavioral2
  Sample: 812ecd245c7309exeexeexeex.exe
  Resource: win10v2004-20230703-en
General
- Target: 812ecd245c7309exeexeexeex.exe
- Size: 56KB
- MD5: 812ecd245c7309f4b12a403d42f754c5
- SHA1: f34ad5dd0ab7ce4de779f8e7ce5066975f9ef6a4
- SHA256: fcc4b5aae15a02561d00036c6924011e45acefb0eccbcd4c88ec1c9e7bd04821
- SHA512: db84c03a4c4badef841729d06f6ceeecec4a3f554a60b48d7c50eb6c2a866cd32f8d8f9405cc0b4146af20c0d2720b2458e5803b1bbdf0099f339f90542328c6
- SSDEEP: 1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzp0oj67Jg:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7e
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 3016, process hurok.exe
- Loads dropped DLL (1 IoC)
  pid 1092, process 812ecd245c7309exeexeexeex.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 1092, process 812ecd245c7309exeexeexeex.exe
  pid 3016, process hurok.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1092 (812ecd245c7309exeexeexeex.exe) wrote to memory of PID 3016, procid_target 27; the same entry is recorded four times
Processes
- 1. C:\Users\Admin\AppData\Local\Temp\812ecd245c7309exeexeexeex.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\812ecd245c7309exeexeexeex.exe"
  PID: 1092
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - 2. C:\Users\Admin\AppData\Local\Temp\hurok.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
    PID: 3016
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v6
Downloads (3 entries, all the same file)
- Filesize: 57KB
  MD5: a371a65361464019b7f5fe0215d57706
  SHA1: a4bf17e3c5838fac49bf0b3afb194127180a04b4
  SHA256: 117bfc74606d03ef7797499a0e57ee25cd64100815f9a5d9604f5761bcfa745f
  SHA512: e7e8ef07f31ef9e5e0701fc4359ef7341b11150ebd38d279f63855076e2a1b22788aa46e221f13b352ef2d085852a6a16692a8d7c9aa94dd3f96f6e9c4a17869