Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

141fff49f3...41.exe

windows7-x64

10

141fff49f3...41.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    211s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 09:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    141fff49f3c43b14d0e597cdd7563b41.exe

  • Size

    244KB

  • MD5

    141fff49f3c43b14d0e597cdd7563b41

  • SHA1

    5fc618279814a05fca3c083b4155fc6b0e1bba77

  • SHA256

    199af3247f010ba14f088d08433b75bd5376a3016829157dbf4942bc2e3ff5bb

  • SHA512

    8c51ac77484d527a9e4b7785db72f921628096822e5928ea54284bb35d8b249f8b5511963bee1b5a2b06dbe8bcf054b705e25675e4ee020f23271f9adb818ee5

  • SSDEEP

    3072:8jYMSAOVRMcy1imsW7A0g3XDYHYTvZm3ov5Q4/cMIVH5bEvhSSqeLSqnjeD:er7KRFy1imdJgc4s2QRhH5IX

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\141fff49f3c43b14d0e597cdd7563b41.exe
    "C:\Users\Admin\AppData\Local\Temp\141fff49f3c43b14d0e597cdd7563b41.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Users\Admin\jumaq.exe
      "C:\Users\Admin\jumaq.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\jumaq.exe
    Filesize

    207KB

    MD5

    34742cd990121b3431be228c0fb06ca1

    SHA1

    1dd77f73c7802a244389b0683b81d011a5d53fd4

    SHA256

    7520a7c2829197f6ca369f0cff29b79dcaab02c152cc6751119258d21b5c5770

    SHA512

    99146ce64c43ccaee013a11e3a249345d9dbb9062cca23af98650c24f0947b2b8b3d84b4e40919317a1e6905c507e3c04cdabf89274a6e9dbdede2693018f60d

    Download Submit

  • C:\Users\Admin\jumaq.exe
    Filesize

    242KB

    MD5

    b042b6df4336843eb0ea3b3970d39e20

    SHA1

    effa2a26848fb2553e7b470e6a24b1ac8fa0d98f

    SHA256

    3d6bdcd18b76cf91a712add53fc461fb8c34abec7c0fa868cd216f756de2a501

    SHA512

    08494cab663b138fa0ede5036d75af9710d332375ea54b0d2ef6dd8eb549e0cd4dcb50bdfe506320291e5b4a2413dc01917be0d9ffb0775592878c85c835184a

    Download Submit

  • C:\Users\Admin\jumaq.exe
    Filesize

    244KB

    MD5

    6eec9fb5afaad305d1b9d6f2f2642cce

    SHA1

    d6440a3c49b390346e89900f7c72609a4b743478

    SHA256

    f4f5b8cc86510791049fe120452bf90bd307f045fc6596d77ab426a7b2450083

    SHA512

    afdbe7447f3ea9c35431c1e4ebd4497eae605cf2d50762b3bcdb16d7101c316d4cb93da1954e7f4c984706dfd1914dd815b400f9e1cd7d4a7abf07fb42f145d1

    Download Submit