Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

60efca330c...98.exe

windows7-x64

7

60efca330c...98.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2023, 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe

  • Size

    14.4MB

  • MD5

    5f7e7f2bef5b08f8b4b51c683a138904

  • SHA1

    73e2be45ffed34532f54fae9b15e73e3e9e25ae8

  • SHA256

    60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298

  • SHA512

    4eac53acff456de44e8205fc4339fc4e306eac752c331f1593cf7d822bd890c9d1ca6b3a93e7f8b7822104d45a97e1034844395072713205aa409a28cbb99f1c

  • SSDEEP

    393216:igvGuiPrrYx9npGNv9is4vUZF/Mf20Dm0hNeoCdckR:f5J9npGSs4vORHjSeoTkR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
    "C:\Users\Admin\AppData\Local\Temp\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2292
    • F:\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
      F:\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Suspicious use of SetWindowsHookEx
      PID:3824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2f83c732a3ee6913b55d3b012f18ad02.tmp
    Filesize

    67B

    MD5

    a46af7c94e3e8a917ee0c5393d08c802

    SHA1

    43b8a8eecb373724fe01627b4573e0dab22116ed

    SHA256

    6a054f90a36cb8508e101514d99e166d94dbdca290481539c7d26832ff7698e3

    SHA512

    b352898d9a0708dffd25fe9d9740f892c1d16e99e8e2209883d37dfc1073b6895de4bd55666d17400f9113ba3758ce5a9e53435fad76eba244e2d2952f5caf60

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dd2aaba274f9d9a222e933280f9af72b.ini
    Filesize

    19KB

    MD5

    e9db130bb429e181cbd2a651cd7d2db5

    SHA1

    6c239d51fdf307c45c229e3fb24b9ee74c57ded9

    SHA256

    39a07336c4a76da08a6d60f49c407ca7721faa6d9f19e71377d2fccdc5c4edbe

    SHA512

    035b05808006d6f2773eb4c407920a9a50970e6529168339fef458590fe480cb10a0cf8c94477d4ab80f8845200389c471d3c539972cefdad2abff6adbc43196

    Download Submit

  • F:\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
    Filesize

    14.4MB

    MD5

    5f7e7f2bef5b08f8b4b51c683a138904

    SHA1

    73e2be45ffed34532f54fae9b15e73e3e9e25ae8

    SHA256

    60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298

    SHA512

    4eac53acff456de44e8205fc4339fc4e306eac752c331f1593cf7d822bd890c9d1ca6b3a93e7f8b7822104d45a97e1034844395072713205aa409a28cbb99f1c

    Download Submit

  • F:\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298\60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298.exe
    Filesize

    14.4MB

    MD5

    5f7e7f2bef5b08f8b4b51c683a138904

    SHA1

    73e2be45ffed34532f54fae9b15e73e3e9e25ae8

    SHA256

    60efca330c021cf4225ec4b94068e7a9a3004c5faf24f38820954c8c298cd298

    SHA512

    4eac53acff456de44e8205fc4339fc4e306eac752c331f1593cf7d822bd890c9d1ca6b3a93e7f8b7822104d45a97e1034844395072713205aa409a28cbb99f1c

    Download Submit

  • memory/2292-143-0x0000000000EF0000-0x0000000000EF3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2292-145-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2292-133-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/2292-134-0x0000000000EF0000-0x0000000000EF3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3824-141-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/3824-142-0x0000000000C90000-0x0000000000C93000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3824-306-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/3824-307-0x0000000000C90000-0x0000000000C93000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3824-310-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download

  • memory/3824-317-0x0000000000400000-0x0000000000C35000-memory.dmp

    Filesize

    8.2MB

    Download