Analysis

  • max time kernel
    148s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 08:45

General

  • Target

    60d9309a653f3898838630f35fc52e6d.exe

  • Size

    204KB

  • MD5

    60d9309a653f3898838630f35fc52e6d

  • SHA1

    6a88c26a832e404ef907ddd1efeea2d02bd30415

  • SHA256

    30a62683bcea037a05153c663bb441ea78110d17a419f4b99b5ce5b437157852

  • SHA512

    8b65376e48167aa7ac6209011611e4aaca6192d70059158640f2e5209546772d8d0f20bc1dc1ea81e3cb2875d3d77469efbdd5efad06cae65459f0614bf18596

  • SSDEEP

    1536:cz+OokHo1vzxHwxS8l2xNy3tQ9CW5EZWHakMwP9W6uXNh9h1AWa11GBPIdRONd+5:oHo14M0tQ9nLHbB9WTk9+JgqmltN7

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60d9309a653f3898838630f35fc52e6d.exe
    "C:\Users\Admin\AppData\Local\Temp\60d9309a653f3898838630f35fc52e6d.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\duereeg.exe
      "C:\Users\Admin\duereeg.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2800

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\duereeg.exe

    Filesize

    204KB

    MD5

    0ab98fd8a1db1b960d40d4db293bd58e

    SHA1

    2c0ffbb313e116974a0a027a026255096932f8a7

    SHA256

    4f6e1ab497092f9b71fd51242ca3e31583f0ab36849e422343058663f1c41d73

    SHA512

    7aefd3106bb5aadf88379064dba1290b30364e61732da69776b7ad2d39362c2fddc65bc50b7af997b3f672fc05a729355afd377ad6e704b0e69c03d91b66d185

  • \Users\Admin\duereeg.exe

    Filesize

    92KB

    MD5

    21cffd74d3707d27fbdc725a193fe834

    SHA1

    d3bee5ef34e309351293b62b62246e0e94787efd

    SHA256

    08bc91d23f33347195beba141302eca9b9b076af68b7023d17698c33b752bc8b

    SHA512

    fee8ea3d02866c8cf5e119cd69d26f5413a8bebf6998d8de5aacc5c1a63b3a684513b8e5b28e5c558046c6f232df0cce40fa536f5fd9564e186ed2e1b127ca3f