Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

682beaa015...d9.exe

windows7-x64

10

682beaa015...d9.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    86s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    682beaa015c1003d193e5a5815b5b6d9.exe

  • Size

    124KB

  • MD5

    682beaa015c1003d193e5a5815b5b6d9

  • SHA1

    e4c6dc8e737d49f4a061abe299fac66b298ccc93

  • SHA256

    42f0197bd0b0c7c4a93aee887f2252933411a18857ebcbf560a170b3e0030dbf

  • SHA512

    c881e779f4bb4778f4aa752189b14ed834b50a909b6123a2b5e88e1b3414939b68a1d3451f7922a16267bd4f56a85e7f981f9e1700fc0f5c8d9bf7b4d073062d

  • SSDEEP

    1536:L2EmhwRXouBxeDtMYHa27J14ltxporZ45igPNeG0hm:CEmhwRXokeV6gJ1uCt45VIm

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 46 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\682beaa015c1003d193e5a5815b5b6d9.exe
    "C:\Users\Admin\AppData\Local\Temp\682beaa015c1003d193e5a5815b5b6d9.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Users\Admin\bueluo.exe
      "C:\Users\Admin\bueluo.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\bueluo.exe
    Filesize

    92KB

    MD5

    35e9727ab8ad11fa6bb8956112c897d0

    SHA1

    a0c3057ec59c82338305506786ea3f47393dc077

    SHA256

    dbea35e8c82e72ca10a3737976e7ecf5817f1b1d36119d38e01c7d20dc208f96

    SHA512

    2c1f7343913fb5f0ba6540f11fa2056fe6f1c6df53924dafe04a2be1ea6c43cf6a65276188107ffe18374c160bb66d79cd85b989f28ef7482dc07be7939c1707

    Download Submit

  • \Users\Admin\bueluo.exe
    Filesize

    124KB

    MD5

    def4a9c522071145ea6ca941a1413b98

    SHA1

    4183f3ea546f0f0b24f54020bd5508eadc7c57b8

    SHA256

    081b449c584cf1bbcddf9a37081006ed3cb37ce0f2cc2f848c488297a025e889

    SHA512

    1c536f2a13808a171d888c025fac97039caea8c415a206b1ce4358b16c0710149b1feb7629a9946c292fbdcec672d6a19f390341b4fa78d795374429c3cc0d71

    Download Submit

  • \Users\Admin\bueluo.exe
    Filesize

    92KB

    MD5

    9f996d456d91ed0b7ba16bcf3b6a4588

    SHA1

    668231f301d16f33f0a006f5bf6ae70c24f8e3c9

    SHA256

    a96b387bfe9499abfe4753e466cbdbaeb89bdad12f7a3005748066c242d79e4a

    SHA512

    d2f3df26cc820c92b360c7724946b7762f93d7a5675d8f235211080cc1c614ddd7a39a13104463800f32b82c8718cf68d75e124d19e2f6846bf7a6c1f35cd020

    Download Submit