Analysis

  • max time kernel
    164s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/12/2023, 13:45 UTC

General

  • Target

    ac44be360811ad7bedb0985b6c0283e2.exe

  • Size

    116KB

  • MD5

    ac44be360811ad7bedb0985b6c0283e2

  • SHA1

    77a62a4f616ea73976a266010ba59f5b75d0211a

  • SHA256

    9eb7d6b504aa4033118f7c0848869b1529f60c397a450e6f66f6772717de5575

  • SHA512

    b813f5e37d0c0bbc81ccf6fe9f12e23ab26b0e11221240e25215313a92bcb20c6c227f3d3ce414d6754f6d0f90aa023f989d0d530d64c9beb42207b947171950

  • SSDEEP

    1536:X/0TcIg9MtpJFmAGUk+++pZgGEbplftRkDhfdxoMqYjFe1Jsl0KuwOZZZZH1gMiV:P0TUMBFmAGUIRsjsO0xdZZZZVg3x

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac44be360811ad7bedb0985b6c0283e2.exe
    "C:\Users\Admin\AppData\Local\Temp\ac44be360811ad7bedb0985b6c0283e2.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Users\Admin\hqnouh.exe
      "C:\Users\Admin\hqnouh.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2780

Network

  • flag-us
    DNS
    ns1.musiczipz.com
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musiczipz.com
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixa.net
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.net
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixa.org
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.org
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixb.co
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixb.co
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixc.com
    ac44be360811ad7bedb0985b6c0283e2.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixc.com
    IN A
    Response
  • 8.8.8.8:53
    ns1.musiczipz.com
    dns
    ac44be360811ad7bedb0985b6c0283e2.exe
    63 B
    136 B
    1
    1

    DNS Request

    ns1.musiczipz.com

  • 8.8.8.8:53
    ns1.musicmixa.net
    dns
    ac44be360811ad7bedb0985b6c0283e2.exe
    63 B
    136 B
    1
    1

    DNS Request

    ns1.musicmixa.net

  • 8.8.8.8:53
    ns1.musicmixa.org
    dns
    ac44be360811ad7bedb0985b6c0283e2.exe
    63 B
    145 B
    1
    1

    DNS Request

    ns1.musicmixa.org

  • 8.8.8.8:53
    ns1.musicmixb.co
    dns
    ac44be360811ad7bedb0985b6c0283e2.exe
    62 B
    127 B
    1
    1

    DNS Request

    ns1.musicmixb.co

  • 8.8.8.8:53
    ns1.musicmixc.com
    dns
    ac44be360811ad7bedb0985b6c0283e2.exe
    63 B
    136 B
    1
    1

    DNS Request

    ns1.musicmixc.com

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\hqnouh.exe

    Filesize

    116KB

    MD5

    e28b355c76284b1983a86e190d0dea59

    SHA1

    788ba87fe8aec12b36b8909fa692327c99750375

    SHA256

    4742c4b15631dc1778d21ee1d6f334998c1cef77c506166615a9d8f9de7da8a9

    SHA512

    9f7b3de90d0c8d2fbf06db3fa27cdf83f778296f7a3678dbd548d9e9c6a5bfec9a6e2eadfd6ba1d890e48587a988f6bac53fc90bf0137fe32396fcd3d0406e54
