Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

02a8a60799...9e.exe

windows7-x64

7

02a8a60799...9e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 15:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02a8a6079949624aa00e1d5bd6ec469e.exe

  • Size

    1.3MB

  • MD5

    02a8a6079949624aa00e1d5bd6ec469e

  • SHA1

    5d066de909907a406d00779803fca42cb3a80718

  • SHA256

    e42a3a64b94d56ff4eb582d1d42b1cbf86f4d0cedcb15244bc818728c1eee20d

  • SHA512

    751842b2afc77d022873f3876d0d28ee92c555a12d767cae6cf34256423679f114beeef58087bcd8bdbea1a487fbaf82030e316c6946c7eecd700f763a991296

  • SSDEEP

    24576:HW/F8IVEKFAldhmAjPouSNbM+tzccf94WliDwoCFyelKwrUQ8Tcjkn:4/F+dhnjPouSJM+zV4siDcblKwrh8YQ

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 24 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02a8a6079949624aa00e1d5bd6ec469e.exe
    "C:\Users\Admin\AppData\Local\Temp\02a8a6079949624aa00e1d5bd6ec469e.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3904
    • C:\Windows\SysWOW64\CKSetup32.exe
      C:\Windows\system32\CKSetup32.exe /install
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3672
      • C:\Windows\SysWOW64\CKSetup64.exe
        "C:\Windows\SysWOW64\CKSetup64.exe" /update CKAgent
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        PID:1860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Downloaded Program Files\TouchEnKey.dll
    Filesize

    497KB

    MD5

    4df87b9f957b6b2c63794bf3c972ccd5

    SHA1

    81a1ec4b13b5e9f5dd1767dd2ae85edb1bfc302d

    SHA256

    cd76c403bff82c4d2142f3018d836ec8246a14cff1ff0b2a4edfe79406e8be6a

    SHA512

    96ed457b2209a78b384db542cb7c39f15e9aacdeae5ef9b9a6dd636096099f20d1bd12b65a186919ad872ea5430b17c5bf206a290a1678dbc25be51415174ae1

    Download Submit

  • C:\Windows\SysWOW64\CKAgent.exe
    Filesize

    133KB

    MD5

    b41cf55c72f97008a9696454fe3af490

    SHA1

    e91860630919a244a59e76b9ef98b4a1a1a9c365

    SHA256

    15a6ea7dbd57944933063231996a1346452ed46edd9730480bb980087147dae5

    SHA512

    f73b4e026a43128b6e71da87e917d3c2fadf902f35522176ff3e4a28f3fd1ee0c3e16d05bdc464f0cac62cb080b2f2b758b48e6c61d71cd2dfe60d4045b01d07

    Download Submit

  • C:\Windows\SysWOW64\CKSetup32.exe
    Filesize

    1.0MB

    MD5

    bbb91684506d658207220ab18f99a5a8

    SHA1

    b2c0ba77feb6823f5362e2cd688854a11dc38c58

    SHA256

    dfe9c926d17609438bf6ad0714a1185252965e521e4b9ed1104c3ebe48f2ee55

    SHA512

    9bf70b1db1c4535e5deab3f571f791494f2b5d857675c5e698f941692e638e22edf7df789ba5873e996f0153a4e1e4b216815d86ae80d1d7ff278ce3d2ab053e

    Download Submit

  • C:\Windows\SysWOW64\CKSetup32.exe
    Filesize

    1.1MB

    MD5

    42b74da04f05604cbef420530433e4f2

    SHA1

    f8fb7eb0ff00fa4aed9677f18e678ad7e5ebe298

    SHA256

    0094e0dbd418193d68967488d778173e5b95012c4dfe271bdf2bdc2ac72b52df

    SHA512

    22b649b8ffd7d0c44c38c4812bfac2590be2c683342c59bfb8379f2904fa523e2f4334d7c3dc915cf2773f18a2b60e0d3a17eae3ea385350d971e3caf0d6e652

    Download Submit

  • C:\Windows\SysWOW64\CKSetup64.exe
    Filesize

    462KB

    MD5

    8aec74b31d7a560904396a9d8d9e61f5

    SHA1

    fb7dbef14187f421f8183abe281ebd4ca5f843fb

    SHA256

    69298602a398107bd37a68a344b2583e8791180a3fb486cbc70cc6b57058800f

    SHA512

    5c3bfed7221979a3b1865228c0f46f8e798312659bc724103f8617075f1114eddc12563ef2b0c6e44eaf55850ba87f7fbff8fb54a2d57ca4f90bebd784303455

    Download Submit

  • C:\Windows\SysWOW64\kcrypto.dll
    Filesize

    186KB

    MD5

    f9060327c8db272ac4bf9d52c7022ad5

    SHA1

    8abf59a23a05abd32616d6ecad2e196c84cee204

    SHA256

    2ce0479ad8d4e043bef269c58662f7a0ab9530a246176c98dbd331c2c7734237

    SHA512

    0e0e87f1bee1250593efd70eb6e74088e6476441f3f60240b8d27e5047e674d2fd5e9e5223aed23d2a90fabe4d03fc1d3a6af4b3218c09b7a3d608b93a6d7d79

    Download Submit

  • C:\Windows\System32\CKAgent.exe
    Filesize

    133KB

    MD5

    b2edd65139aa6154085f4c93eafd5e54

    SHA1

    8d5ac04f1726d5d3aa7c75cc20787c494b62b0b0

    SHA256

    d294d7168b4e70c2878e2ed9ae47f10a78b3f9985f8ad025cd4d249f1b8c41e7

    SHA512

    c68050294819526ca73da72618405d6b3df04ca23155114056bb084806f1902ca5b216c1413cb04cf0fd53ca940438caef53fc5c271c0c61a642ace9ceb24f05

    Download Submit

  • C:\Windows\System32\JRSKD24.SYS
    Filesize

    13KB

    MD5

    a71cded2d4e34d9471fe1a92f057a551

    SHA1

    154afb1b5a1b3bb1d09bcf9952e8764489aeccd3

    SHA256

    5355a3fd33bc5518148fc64b42323e6ab5fa2277d17e87f9a0762f00c5593346

    SHA512

    5461f58fd7775615fc36aba6ea71177cf6dc3e240123e14556dd922628d935a0b82af0f59a72a6671750ffc74d9921578917dc4329b8d9033f6953acbcede671

    Download Submit

  • memory/3904-62-0x0000000010000000-0x000000001008A000-memory.dmp

    Filesize

    552KB

    Download

  • memory/3904-61-0x0000000000B50000-0x0000000000B7F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/3904-0-0x0000000000400000-0x00000000007FD000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3904-68-0x0000000000400000-0x00000000007FD000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3904-69-0x0000000000400000-0x00000000007FD000-memory.dmp

    Filesize

    4.0MB

    Download