Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

062e12008a...8c.exe

windows7-x64

10

062e12008a...8c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 04:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    062e12008afd33f39718db8a21b2128c.exe

  • Size

    292KB

  • MD5

    062e12008afd33f39718db8a21b2128c

  • SHA1

    4063cedbca0bc470735f458fe02dc0f6fe92a814

  • SHA256

    19efe0ad042bcb1e27679f9c9b20d02106ac01c73a87593e25f7ad5d57eecea7

  • SHA512

    88f81b77d260d1d6df050aeb21c4a8b648fcaad196d84b5009d0a1b41ecb0dae2bffaedb3fa6431e9dd79881bc85f4c61ea2c3cb2af2c6b959e6f1eab701fc36

  • SSDEEP

    6144:tuYlw9OOaUP9VO3oTUX5K/fObT/bGilTBpSthkZ7xCrLOzpqnI3YxZkoVvdB:thlw9eUV03owX5K/fObT/bGi4hkZ7xC9

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\062e12008afd33f39718db8a21b2128c.exe
    "C:\Users\Admin\AppData\Local\Temp\062e12008afd33f39718db8a21b2128c.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:356
    • C:\Users\Admin\goikoq.exe
      "C:\Users\Admin\goikoq.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\goikoq.exe
    Filesize

    292KB

    MD5

    666facc49a5def69bef0a22be5c8e7cc

    SHA1

    cc69f25e5e7ce875922cd8da70b9939b8b4b135b

    SHA256

    76485d064272615327c6421785fc4bd6c55c03a6bf541caaf65d3510c132ed03

    SHA512

    83f4cc0e2a03052d8c54f6084afe8b60cd36a2acdf2040693d0c5eb1b435b4976b15ac13fea2ecd307462545b6faef704c844c8c2368cae12e7b7aa8cf1764df

    Download Submit