
Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 04:50

General

  • Target

    559ffeb585d72a19a71befab8fd72ad3.exe

  • Size

    160KB

  • MD5

    559ffeb585d72a19a71befab8fd72ad3

  • SHA1

    6eab325d0f34a7f8b7b4dcc37546cf193e0d6713

  • SHA256

    9842285a693ace52b68524bf03b31df13483e969085db88e79b5eceaa9b69fbe

  • SHA512

    b6546d160ccf430d64ed983474805b683afed23fd304e192796537c9a0acd50e97ef1e9a213de87e7ed6e309827073992085fe8de703ad46770d5ded9cea8c49

  • SSDEEP

    3072:SGCbZSukOY8hrJFVNM/N/5sfqDfwqfEei:lork6hrJ3NON/5sGoei

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Adds Run key to start application (2 TTPs, 52 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\559ffeb585d72a19a71befab8fd72ad3.exe
    "C:\Users\Admin\AppData\Local\Temp\559ffeb585d72a19a71befab8fd72ad3.exe"
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Users\Admin\touiza.exe (child of PID 1052)
      "C:\Users\Admin\touiza.exe"
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2188

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\touiza.exe

    Filesize

    92KB

    MD5

    3e3143b0ed2e47ecdc0a14b30f576219

    SHA1

    a486f2d4429f8c497780c68c75573118b699d537

    SHA256

    d0c3afa02a28f35e600de86f8bacc763d8a7c3a5b2135c2b842612fe99e06d9e

    SHA512

    4e0bcf7b7ba0a75f239a8296f61bcdaa4dece91e238ae286053b79e2a47a243ef34288c3d99462d4606ee2650b6019e2f20b384a8bfb4e7bcf79bad8570796c0

  • C:\Users\Admin\touiza.exe

    Filesize

    160KB

    MD5

    24052566c4ca60d32daf791fd233a4aa

    SHA1

    8149cfc62f08d14bcc6a43f93a4b0b680ad83946

    SHA256

    a89a75c26a0dac3b1b1903d12c16c8ea1eba4c38e91be5afd800d22212855ad4

    SHA512

    e71e6314bd33377db55575f2a26e63fc0093931d93b238aa85a5a2c04ca9ea90f96931e4534a2f54607df7a476c3f5c84b5bb48271eeb7fcebea2a225a88df56

  • \Users\Admin\touiza.exe

    Filesize

    96KB

    MD5

    a9606328272de54942b6439c624a6804

    SHA1

    1575771853d6eef6d14a3eb2f6bc3075ae58849a

    SHA256

    00bcbb356543029753a7a159b12f24183666456b8963ddc5a4150f79ab79deb0

    SHA512

    636abdd9441199e2a0dfdd2bcadfb2f0e5abb65262baccffe59d08176977aa27e1dcd1a379296efcf238c0a27b4233d85557650fac09382e4b5621cfc8c4650f

  • memory/1052-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/1052-15-0x00000000033F0000-0x000000000341F000-memory.dmp

    Filesize

    188KB

  • memory/1052-19-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/1052-20-0x00000000033F0000-0x000000000341F000-memory.dmp

    Filesize

    188KB

  • memory/1052-21-0x00000000033F0000-0x000000000341F000-memory.dmp

    Filesize

    188KB

  • memory/2188-16-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2188-22-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB
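An added IOC-hunting example, not tria.ge output and not the sample's own code, written against the hashes and the signatures listed above. The same path C:\Users\Admin\touiza.exe appears three times in the dropped-file list with different sizes and hashes (92KB, 160KB, 96KB), and the 160KB copy does not share the parent's MD5, so a hunt has to match on all three SHA256 values rather than the one that happens to survive on a host. The script verifies a candidate file against those hashes and against the submitted sample, then scans a Windows registry export for Run-key entries pointing at touiza.exe and for the Explorer values that control hidden/system-file visibility. The registry key names are assumptions (the report counts the IoCs but does not print them), and the .reg text at the bottom is constructed for the demonstration.

```python
"""IOC triage helper for the sandbox report above (added example).

Embeds the dropped-file hashes from the report, verifies a candidate file
against them, and scans .reg export text for the two behaviours the
signatures flag: Run-key persistence and Explorer hidden/system-file
visibility changes.  Registry paths below are assumptions, not values
printed by the report."""
import hashlib
import re
from typing import Dict, List, Optional

# SHA256 values copied from the report.  Three different writes to the same
# path were observed, so all three are treated as the dropped payload.
TOUIZA_SHA256 = {
    "d0c3afa02a28f35e600de86f8bacc763d8a7c3a5b2135c2b842612fe99e06d9e": "92KB",
    "a89a75c26a0dac3b1b1903d12c16c8ea1eba4c38e91be5afd800d22212855ad4": "160KB",
    "00bcbb356543029753a7a159b12f24183666456b8963ddc5a4150f79ab79deb0": "96KB",
}
PARENT_SHA256 = "9842285a693ace52b68524bf03b31df13483e969085db88e79b5eceaa9b69fbe"

# Assumed locations (the report does not list the exact keys): the usual
# per-user and per-machine Run keys, and the Explorer\Advanced values.
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
EXPLORER_ADVANCED = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
)


def match_sample(data: bytes) -> Optional[str]:
    """Return 'parent' if `data` is the submitted sample, the size label from
    the report if it is one of the three touiza.exe writes, else None."""
    digest = hashlib.sha256(data).hexdigest()
    if digest == PARENT_SHA256:
        return "parent"
    return TOUIZA_SHA256.get(digest)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the subset of .reg syntax needed here: [key] headers followed by
    "name"=value lines holding a quoted string or a dword."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = re.fullmatch(r'"([^"]+)"=(.+)', line)
        if m and current is not None:
            name, raw = m.group(1), m.group(2)
            if raw.startswith("dword:"):
                value = str(int(raw[6:], 16))
            else:
                # .reg strings escape backslashes as "\\"; unescape them.
                value = raw.strip('"').replace("\\\\", "\\")
            keys[current][name] = value
    return keys


def find_indicators(reg_text: str) -> List[str]:
    """Return findings for Run-key persistence naming touiza.exe and for
    Explorer settings that hide hidden or protected-system files."""
    findings: List[str] = []
    keys = parse_reg_export(reg_text)
    for key in RUN_KEYS:
        for name, value in keys.get(key, {}).items():
            if "touiza.exe" in value.lower():
                findings.append(f"run-key persistence: {key}\\{name} = {value}")
    adv = keys.get(EXPLORER_ADVANCED, {})
    # Hidden=2 stops Explorer showing hidden files; ShowSuperHidden=0 stops it
    # showing protected operating-system files.
    if adv.get("Hidden") == "2":
        findings.append("explorer: hidden files not shown (Hidden=2)")
    if adv.get("ShowSuperHidden") == "0":
        findings.append("explorer: protected system files hidden (ShowSuperHidden=0)")
    return findings


# Constructed .reg text for the demonstration; not captured from the sandbox.
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"touiza"="C:\\Users\\Admin\\touiza.exe"
"OneDrive"="C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
'''

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_REG):
        print(finding)
```

On a live host the .reg text would come from `reg export` of the two hives, and the bytes passed to match_sample from the file at the dropped path; the script deliberately reports a Run-key hit on the value data rather than the value name, because the name is attacker-chosen and need not be "touiza".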