Analysis
max time kernel: 150s
max time network: 154s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 09/07/2023, 11:44
Static task: static1
Behavioral task: behavioral1 (sample abb6192a527cafexeexeexeex.exe, resource win7-20230703-en)
Behavioral task: behavioral2 (sample abb6192a527cafexeexeexeex.exe, resource win10v2004-20230703-en)
General
Target: abb6192a527cafexeexeexeex.exe
Size: 63KB
MD5: abb6192a527caf77089d3132f0e0b80c
SHA1: c0cddc03d33a9de5d44dd5e3b87c9953fcda0bf6
SHA256: 42d6638f12c8316392fd9e0d0a1c34ac1336d9019d937ab78fd5274df95b30de
SHA512: 0a869c7f93111d665102fe1350f2f5cb3511170f14114c0a395e0b3b92fe0be17ceb219eee2a91080a239f4bb2a6f7ca74ebe2c72a2059e8adc76bd4bd514816
SSDEEP: 1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xo3/nyxV21iqn:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7J
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid 2040, process hurok.exe
Loads dropped DLL (1 IoC)
pid 2324, process abb6192a527cafexeexeexeex.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Suspicious use of UnmapMainImage (2 IoCs)
pid 2324, process abb6192a527cafexeexeexeex.exe
pid 2040, process hurok.exe
Suspicious use of WriteProcessMemory (4 IoCs)
description                         pid   Process                         procid_target
PID 2324 wrote to memory of 2040    2324  abb6192a527cafexeexeexeex.exe   28
PID 2324 wrote to memory of 2040    2324  abb6192a527cafexeexeexeex.exe   28
PID 2324 wrote to memory of 2040    2324  abb6192a527cafexeexeexeex.exe   28
PID 2324 wrote to memory of 2040    2324  abb6192a527cafexeexeexeex.exe   28
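The three signatures above (a dropped EXE is executed, the parent writes into it, and the child then has its main image unmapped) are the shape an analyst looks for when triaging process hollowing. As an added example that is not part of the Triage report or its tooling, the Python below parses the flattened signature evidence into structured records and correlates those indicators into a candidate parent/child pair. The evidence strings are copied from this report; the function names, the IoC-count check and the EVIDENCE list layout are my own assumptions about how such a parser would be organized.

```python
import re

# Signature evidence exactly as flattened in the report above (constructed
# from the page; the WriteProcessMemory row really is listed four times).
WPM_ROW = "PID 2324 wrote to memory of 2040 2324 abb6192a527cafexeexeexeex.exe 28"
EVIDENCE = [
    "Executes dropped EXE 1 IoCs",
    "pid Process 2040 hurok.exe",
    "Loads dropped DLL 1 IoCs",
    "pid Process 2324 abb6192a527cafexeexeexeex.exe",
    "Enumerates physical storage devices 1 TTPs",
    "Attempts to interact with connected storage/optical drive(s).",
    "Suspicious use of UnmapMainImage 2 IoCs",
    "pid Process 2324 abb6192a527cafexeexeexeex.exe 2040 hurok.exe",
    "Suspicious use of WriteProcessMemory 4 IoCs",
    "description pid Process procid_target " + " ".join([WPM_ROW] * 4),
]

# A signature header: "<name> <n> IoCs" or "<name> <n> TTPs".
SIG_RE = re.compile(r"^(?P<name>.+?) (?P<count>\d+) (?:IoCs|TTPs)$")
# "pid Process" rows: repeated "<pid> <image>" pairs on one line.
PIDPROC_RE = re.compile(r"\b(\d+) (\S+)")
# WriteProcessMemory rows: description, pid, Process, procid_target.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_signatures(lines):
    """Group evidence rows under their signature header.

    Returns {name: {"count": int,
                    "pids": {pid: image},
                    "writes": [(src_pid, dst_pid, procid_target), ...]}}.
    Free-text TTP descriptions carry no pids and are left out of the fields.
    """
    sigs, current = {}, None
    for line in lines:
        header = SIG_RE.match(line)
        if header:
            current = sigs.setdefault(
                header["name"],
                {"count": int(header["count"]), "pids": {}, "writes": []},
            )
        elif current is None:
            continue  # evidence before any header: nothing to attach it to
        elif "wrote to memory of" in line:
            for src, dst, pid, image, target in WPM_RE.findall(line):
                current["writes"].append((int(src), int(dst), int(target)))
                current["pids"][int(pid)] = image
        elif line.startswith("pid Process"):
            for pid, image in PIDPROC_RE.findall(line):
                current["pids"][int(pid)] = image
    return sigs


def hollowing_candidates(sigs):
    """(parent, child) pairs where the parent wrote into a dropped EXE whose
    main image was also unmapped: the shape of process hollowing. A hit is a
    lead for manual review, not proof that a new image was mapped in."""
    unmapped = sigs.get("Suspicious use of UnmapMainImage", {}).get("pids", {})
    dropped = sigs.get("Executes dropped EXE", {}).get("pids", {})
    writes = sigs.get("Suspicious use of WriteProcessMemory", {}).get("writes", [])
    pairs = {(src, dst) for src, dst, _ in writes if src != dst}
    return sorted(p for p in pairs if p[1] in unmapped and p[1] in dropped)


def ioc_count_matches(sigs, name):
    """True when the header's IoC count equals the parsed evidence rows; a
    cheap check that a flattened row was not truncated during extraction."""
    sig = sigs[name]
    rows = len(sig["writes"]) if sig["writes"] else len(sig["pids"])
    return rows == sig["count"]


if __name__ == "__main__":
    sigs = parse_signatures(EVIDENCE)
    for name, sig in sigs.items():
        print(f"{name}: {sig['count']} reported, pids {sorted(sig['pids'])}")
    print("hollowing candidates:", hollowing_candidates(sigs))
```

Two caveats when reading the result. The parent (PID 2324) also triggers UnmapMainImage, which is consistent with a packed loader unmapping and rewriting itself before it spawns the child; the page gives no evidence of what was written into PID 2040, so the (2324, 2040) pair is a candidate to confirm from memory dumps, not a finished verdict. The count check is only meaningful for IoC signatures; TTP entries such as the storage enumeration carry no pid rows by design.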
Processes
1. C:\Users\Admin\AppData\Local\Temp\abb6192a527cafexeexeexeex.exe (PID 2324)
   command line: "C:\Users\Admin\AppData\Local\Temp\abb6192a527cafexeexeexeex.exe"
   - Loads dropped DLL
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\hurok.exe (PID 2040), child of PID 2324
      command line: "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      - Executes dropped EXE
      - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 64KB
MD5: 17a90239a6f240966fd22ce104cdbf96
SHA1: 5699a905dde1a754d861ed205538b28f41387abd
SHA256: e8c562d93712dc4faa807d98be203e0e0a185d26cbe02b16eb7509b36208d25d
SHA512: db1f86da1e1aa2cb0d299bfed4a6a767ea96f3e7321b6b46c8fb5a7431a9c62675df1d26d75c2e9aece2e3215224b801900837ce039c79f9b4a7975c12baa85d