Analysis
- max time kernel: 150s
- max time network: 154s
- platform: windows7_x64
- resource: win7-20230703-en
- resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
- submitted: 08/07/2023, 17:15
Static task: static1
Behavioral task: behavioral1
  Sample: 8999e6d0beecb3exeexeexeex.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: 8999e6d0beecb3exeexeexeex.exe
  Resource: win10v2004-20230703-en
General
- Target: 8999e6d0beecb3exeexeexeex.exe
- Size: 58KB
- MD5: 8999e6d0beecb3b9e2d4db6925288b6b
- SHA1: df93e064dec36ec8ff02a69eed8e00c12a2ae1a6
- SHA256: 1d2db878474508e73f471eb61674dadec2d9f70471792557632c0288e71b7638
- SHA512: fd508bc9b6f0442f694d357956701a4fe0a5e982ad56a814b91d0619c535c86fd2a485f3fe176ec0f19408628234928ce59aac4032fb70070edd882d5d85d5bb
- SSDEEP: 1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1x/9lfL+gniDN:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7F
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 2424 | Process hurok.exe
- Loads dropped DLL (1 IoCs)
  pid 2312 | Process 8999e6d0beecb3exeexeexeex.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of UnmapMainImage (2 IoCs)
  pid 2312 | Process 8999e6d0beecb3exeexeexeex.exe
  pid 2424 | Process hurok.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2312 wrote to memory of 2424 | 2312 | 8999e6d0beecb3exeexeexeex.exe | 28
  PID 2312 wrote to memory of 2424 | 2312 | 8999e6d0beecb3exeexeexeex.exe | 28
  PID 2312 wrote to memory of 2424 | 2312 | 8999e6d0beecb3exeexeexeex.exe | 28
  PID 2312 wrote to memory of 2424 | 2312 | 8999e6d0beecb3exeexeexeex.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\8999e6d0beecb3exeexeexeex.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8999e6d0beecb3exeexeexeex.exe"
  PID: 2312
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\hurok.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
    PID: 2424
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 58KB
  MD5: b3b53468fa815ee5faa199c12c0a4bb8
  SHA1: 55fa087b18aaa1288456c9b90a30a61110410ce9
  SHA256: e50b402a04c95718c1dc0e1d950ba8d18c8c6d8a610c53a0e7b0691c53f70eed
  SHA512: dc23b1749f22dd4e0409b3f1cc3e9e57f543ed36876c71292853a3a86e5fefb249c1c6e53689839b75bd5cff963f748c192e69ab2197ef120c740003c4400721