Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2daa6b7ec9...40.exe

windows7-x64

10

2daa6b7ec9...40.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2daa6b7ec9e9dd35a7786a852159bf40.exe

  • Size

    100KB

  • MD5

    2daa6b7ec9e9dd35a7786a852159bf40

  • SHA1

    b7c70e0743e46f050c0b0cf527f4eea4258e6a77

  • SHA256

    0298ab2ccbd05d1cd4e5046c72693e301368fbe6c7ed571e99847f0ca750e197

  • SHA512

    cf1748678d9d98f043119767bb403a21b606a610445c1fc6ebf699c497bc25fcc65d44028b7af1b09f67684196e767926b5fa3ac3e77dad1f10b7690f08dc40d

  • SSDEEP

    1536:x4l0cc5BndOB+dGrNjjmJ2NuKuFr1M5B4QbCcIw9:D5BdOB++jOW99

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2daa6b7ec9e9dd35a7786a852159bf40.exe
    "C:\Users\Admin\AppData\Local\Temp\2daa6b7ec9e9dd35a7786a852159bf40.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Users\Admin\lejuh.exe
      "C:\Users\Admin\lejuh.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\lejuh.exe
    Filesize

    100KB

    MD5

    bf4384f45f1c5158cbdf5622e6055af5

    SHA1

    fe05e9382ac9c7b64a1394791db90cc5d728c069

    SHA256

    2591fd7026d2e1d6e4a39745d6abc50867489b58c4b56696e3b4ea1ab1d0f14d

    SHA512

    9aefc8a914c1aea91eabfce5b66fc063c563abf663e039c8cd17a4f59ac92dfd2df7aa4e962c5dc96330436b35a4a40cb9692d4e89fea82d4839bfcb52ae72b8

    Download Submit

  • memory/2776-15-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2888-0-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

    Download

  • memory/2888-9-0x0000000002FE0000-0x0000000003013000-memory.dmp

    Filesize

    204KB

    Download