Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    166s
  • max time network
    184s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 03:25

General

  • Target

    02e79a2037e12938390848af1f38cc75.exe

  • Size

    176KB

  • MD5

    02e79a2037e12938390848af1f38cc75

  • SHA1

    3b81b7492a7c677c742067b8060e088bf14300c2

  • SHA256

    1d03b2a5365f07b3f46db39b8e6d5d676894720c496c82b2a768da3b560df2d9

  • SHA512

    4e144b826935e8a6bf3d55112ac1a9199e2371df3b997a57f77f9b157c62e87611a32c0bcbd880c8e77471a28541fbdb6dbbd1f20e116b035e0dca1d79e8d0ce

  • SSDEEP

    3072:QC1IrKk+gj2HsfyKnvmb7/D26zjlBvWlzPpsPfIQ8sqLELTS55pMzcUK1eUyGei:/k+1Knvmb7/D26zjlBvWhPpsPfIQ8sq5

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02e79a2037e12938390848af1f38cc75.exe
    "C:\Users\Admin\AppData\Local\Temp\02e79a2037e12938390848af1f38cc75.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Users\Admin\fuibeu.exe
      "C:\Users\Admin\fuibeu.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2136

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\fuibeu.exe

    Filesize

    176KB

    MD5

    a529b361e7f5c098064e2b9552fe74d4

    SHA1

    6d46d016f6a121221fa7fe81c36dc7140925d114

    SHA256

    7a96a5589281824f7f512ef2a91818c0fac722406254a20657a871999c9be18f

    SHA512

    967b5bec2ea71eb2e623106bb2e38398f9e575fdd3526c8aef3e49e6287a57f6a7d0d42c4105cf6f18c9f7cab79636df271dafedb12fe6274c59d6ae9eaf414f