Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

12d6326f0b...b8.exe

windows7-x64

10

12d6326f0b...b8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 08:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12d6326f0ba97c6bb9e5d63db15c81b8.exe

  • Size

    232KB

  • MD5

    12d6326f0ba97c6bb9e5d63db15c81b8

  • SHA1

    131f622ca4b5b6170343ac449ce61656837e2ca8

  • SHA256

    55ff7004fcfe3be2ead8eac697d35b38cecc3054517ae17c62425d9807ecb917

  • SHA512

    e15dad040171aac0b8a5d436056c602c2e8eda22fdd182cea38685aef1236aa0101a09a76e6180f5e6d1eb9fcfaa00f40d622d261bc4e2d5b830e978f71da18c

  • SSDEEP

    6144:kVcgVpXADylVl85IwwiXeujvWBxD2dMp/FFc8pZff:+ceXADylVl85IwwiXeujvWBxD2dO/F5t

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12d6326f0ba97c6bb9e5d63db15c81b8.exe
    "C:\Users\Admin\AppData\Local\Temp\12d6326f0ba97c6bb9e5d63db15c81b8.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Users\Admin\cauobuh.exe
      "C:\Users\Admin\cauobuh.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\cauobuh.exe
    Filesize

    232KB

    MD5

    1221dc1c9417e078063c3da3d2245286

    SHA1

    2dafab48e3c733b7f1b4609dd6ff74f0abfc49c3

    SHA256

    48e76f0d90330e23d296223490dbcbf72605a11702bcc8bc7db6bbf2d28c0b8b

    SHA512

    74dacb593a8afcca18e27d5f1f0fb46dae413a5382d2029e83c1c15c7180be802561d05753cf2440258961b26cd2029bfd77f533dbaa7c9d1a5466ba48ba8db3

    Download Submit

  • C:\Users\Admin\cauobuh.exe
    Filesize

    151KB

    MD5

    c61e3c7d271194cd215d6a521bc9d6e6

    SHA1

    34d8e8d16e585617c334ad7c7d639c1f1e3ad9ab

    SHA256

    3e7bf8717150c65ebf731a0ae07a1dd76b0f157db84ce6a460278c07feae33ab

    SHA512

    100f99c0020628fa89f777bdfb69b22ac84d94d010b47593262b5c678632c891f2dcedc7f17aec8b68f08208de397d38a162075f7cd0b1061331abe8e8eafacc

    Download Submit

  • \Users\Admin\cauobuh.exe
    Filesize

    177KB

    MD5

    8b19ca826ff9d860877008a680197191

    SHA1

    7eee535ae815b815e4b55e85cf10a54c846c88d9

    SHA256

    2293fbb32cb57fe357d704f6e02d1d0507ba2d4aa8a98c908141bb8d00d0f60d

    SHA512

    e4f94dfaee46ca1ce95fefeafbf41655109ee3d7a556becad47a50a9dea4cf954ad1f324df47e12314178af765e44a98187b4d3e987e36d130b0919e5df60926

    Download Submit