Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    16s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 21:29

General

  • Target

    3d7eee4357792eacc3168412c01963f0.exe

  • Size

    216KB

  • MD5

    3d7eee4357792eacc3168412c01963f0

  • SHA1

    4a3a7aff126a3a66b4066a858100ffba40154d3b

  • SHA256

    31bcedfdd8e21c646e994e320e3931ca3a83f31b3f04fa3e2bbab72f3774fb3e

  • SHA512

    03919044f54362ff68eea96807858cc2f5dea03afb00601c0c4c5c7dcb8d145d7e785fb62a3c23058eed4d89e463d96cb75942b41d79b5f14b70137118a67770

  • SSDEEP

    6144:uBhrbA1x5PZZKnvmb7/D26g4upEoadEXUqgVWLIg7gd:GA1x5PZZKnvmb7/D26GadEXUqgDg7gd

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 14 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d7eee4357792eacc3168412c01963f0.exe
    "C:\Users\Admin\AppData\Local\Temp\3d7eee4357792eacc3168412c01963f0.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3980
    • C:\Users\Admin\bepel.exe
      "C:\Users\Admin\bepel.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4276

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\bepel.exe

    Filesize

    135KB

    MD5

    93ee9e39af2f36bdd67d14e68ede65a1

    SHA1

    b9677090ef50814e35fb4131dd02172c61fefd31

    SHA256

    14aa4bec1b69aaa5b329b3a75427fa077016b505faa5c8796ae77bfe753d2e4f

    SHA512

    960d4623078220e695007a2d75e76e63d6754509902420be2f5b265cc58b43652c7baa6674a31a1e5f3403496ea1a47dd9dbb8adddfa4b729332c2e9f4857dab

  • C:\Users\Admin\bepel.exe

    Filesize

    161KB

    MD5

    2d72dd36b6eace94bd2397e424cc49ae

    SHA1

    db4dda68143b646a3267c649aefca915c712de76

    SHA256

    9ddf0f5f1250a351350cab24a2b7e8585fc3a07d7c268142f153d6ea0663c7fe

    SHA512

    13cd656562edcecdbcad0e5d48d78e798f40bbf89d44a060a06e11edab4a4484d6dfe8609e64c52d897a1dc5f5fb05abbdce6c18cc87207914b8c397e5e7fd61

  • C:\Users\Admin\bepel.exe

    Filesize

    195KB

    MD5

    a72c9f2a65a1d8fc1b072e5a280b5f1e

    SHA1

    05dab7e52e536d3bf181feaa229c52a4716bd338

    SHA256

    20c413c626e4e6655b8b6d2027a9ff58ac89a72fb939bc995466d4188aa73c61

    SHA512

    a3497c97d13031a16cad3cc1fa6db7f4a780a2e3c23f740e7866be13f963d36393bc13db71cc534e8cdab6bb17a0be93dc618b66e8f5697061fb52523411290b
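
The following PowerShell host-triage script is an added example and is not part of the tria.ge report or the sample's own code. It checks a Windows host for the artifacts the Signatures, Processes and Downloads sections describe: the Run-key persistence, the Explorer hidden-file settings, the country lookup used for the geofence check, and the dropped bepel.exe. The report names the behaviours but not the exact registry values written, so the mapping from signature names to the standard Windows keys below is an assumption; the SHA256 values are the three bepel.exe hashes listed under Downloads.

```powershell
# Added host-triage script, not code from the tria.ge report. Assumption:
# the report's signature names map to the standard Windows registry locations
# below; the report lists behaviours, not the exact values written.

# SHA256 of the three bepel.exe variants listed under Downloads (from the report).
$KnownBadSha256 = @(
    '14aa4bec1b69aaa5b329b3a75427fa077016b505faa5c8796ae77bfe753d2e4f',
    '9ddf0f5f1250a351350cab24a2b7e8585fc3a07d7c268142f153d6ea0663c7fe',
    '20c413c626e4e6655b8b6d2027a9ff58ac89a72fb939bc995466d4188aa73c61'
)

$Findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding {
    param([string]$Category, [string]$Detail, [string]$Evidence)
    $script:Findings.Add([pscustomobject]@{ Category = $Category; Detail = $Detail; Evidence = $Evidence })
}
# Properties Get-ItemProperty adds that are not registry values.
$PsMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 1. "Adds Run key to start application": flag Run/RunOnce entries whose command
#    lives directly under a user profile or in %TEMP%, the pattern in the process
#    tree (C:\Users\Admin\bepel.exe launched by a sample in AppData\Local\Temp).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$UserDropPattern = '(?i)\\Users\\[^\\]+\\(AppData\\Local\\Temp\\)?[^\\]+\.exe'
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    foreach ($Prop in (Get-ItemProperty -Path $Key).PSObject.Properties) {
        if ($PsMeta -contains $Prop.Name) { continue }
        if ("$($Prop.Value)" -match $UserDropPattern) {
            Add-Finding 'Persistence' "Run value '$($Prop.Name)' starts an executable from a user profile" "$Key -> $($Prop.Value)"
        }
    }
}

# 2. "Modifies visibility of hidden/system files in Explorer": Hidden=2 and
#    ShowSuperHidden=0 hide hidden and protected-OS files. These are also the
#    Windows defaults, so record them and compare with the user's known baseline
#    rather than treating the values alone as proof of tampering.
$Advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
if (Test-Path $Advanced) {
    $A = Get-ItemProperty -Path $Advanced
    if ($A.Hidden -eq 2 -or $A.ShowSuperHidden -eq 0) {
        Add-Finding 'Defense evasion' 'Explorer hides hidden and/or system files (matches defaults; check baseline)' "Hidden=$($A.Hidden) ShowSuperHidden=$($A.ShowSuperHidden)"
    }
}

# 3. "Checks computer location settings": the country the sample would read.
#    Nation is the numeric GeoID; Name (two-letter ISO code) exists on newer builds.
$Geo = 'HKCU:\Control Panel\International\Geo'
if (Test-Path $Geo) {
    $G = Get-ItemProperty -Path $Geo
    Add-Finding 'Context' 'Configured country the sample reads for its geofence check' "Nation=$($G.Nation) Name=$($G.Name)"
}

# 4. Dropped file: hash *.exe at the top of the profile and %TEMP% (the report's
#    drop locations) and compare with the listed variants. A bepel.exe whose hash
#    is not listed is still reported, since the report shows three builds already.
foreach ($Root in @($env:USERPROFILE, $env:TEMP)) {
    Get-ChildItem -Path $Root -Filter '*.exe' -File -Depth 1 -ErrorAction SilentlyContinue | ForEach-Object {
        $Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
        if ($KnownBadSha256 -contains $Hash) {
            Add-Finding 'Dropped file' 'SHA256 matches a bepel.exe variant from the report' "$($_.FullName) $Hash"
        } elseif ($_.Name -ieq 'bepel.exe') {
            Add-Finding 'Dropped file' 'bepel.exe present with an unlisted hash (possible new build)' "$($_.FullName) $Hash"
        }
    }
}

if ($Findings.Count -eq 0) { 'No indicators from the report were found on this host.' }
else { $Findings | Format-Table -AutoSize -Wrap }
```

Run it as the affected user (the Run key, Explorer settings and Geo values are per-user under HKCU); reading HKLM\...\Run needs no elevation. Because the Downloads section already lists three distinct bepel.exe builds with different sizes and hashes, a hash miss on a file named bepel.exe is treated as a finding rather than a clean result.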