Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

69e0b698b5...d4.exe

windows7-x64

10

69e0b698b5...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    37s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 11:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69e0b698b55ec6f5a0fbce20d487a8d4.exe

  • Size

    512KB

  • MD5

    69e0b698b55ec6f5a0fbce20d487a8d4

  • SHA1

    dfc5cc42fe6b29a619ffb96926f09e39786572e2

  • SHA256

    9ce290a5cff2493a8e029645c1e4e7b15fd9bf333891db0b1c743aef8e977fda

  • SHA512

    aaef2305d53d4b809fca612cbc02e386f4772d97cd94771e8c8dfd71e15e5e1095c1339f75b6d624aaef48fb245fa3ea5f2b482e0372875c930c8a914c518bde

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6W:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm53

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • AutoIT Executable 4 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69e0b698b55ec6f5a0fbce20d487a8d4.exe
    "C:\Users\Admin\AppData\Local\Temp\69e0b698b55ec6f5a0fbce20d487a8d4.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3316
    • C:\Windows\SysWOW64\ynvbogbuiq.exe
      ynvbogbuiq.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3320
      • C:\Windows\SysWOW64\rqalfsjg.exe
        C:\Windows\system32\rqalfsjg.exe
        3⤵
          PID:2616
      • C:\Windows\SysWOW64\pzhuyizqydxfxev.exe
        pzhuyizqydxfxev.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4628
      • C:\Windows\SysWOW64\omndtyaxrmpgl.exe
        omndtyaxrmpgl.exe
        2⤵
        • Executes dropped EXE
        PID:3208
      • C:\Windows\SysWOW64\rqalfsjg.exe
        rqalfsjg.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4812
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
        2⤵
          PID:2024

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
        Filesize

        32KB

        MD5

        f9f424d782bb8ba955a489ada125563b

        SHA1

        d2e1141ee39c24d4fe8612ce3d300a0fa0a52885

        SHA256

        1a3e518b49f834b1ce257845d7d6b1763bcac3c6b5b936d493978d899902dba8

        SHA512

        fc95e84827b9bbcb52e314738546e04a51797e6c0389526b9487c74401a39a551edf934408f74d868320d437afd5035aee1896e5b0d669cc5c0c72754596b76c

        Download Submit

      • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
        Filesize

        41KB

        MD5

        985acfef3b37f60475c3158ffaf26a6f

        SHA1

        b6bd7c2b926750b06a9a0517166e4a17c4cdfad6

        SHA256

        8702eef355c75ed4bc04625b9e332a92596db5aa23728ee0f1eb147951812adc

        SHA512

        206bc3ef04cf52ef574f9c8a57c7b076e9d21ce513089d6282f528039029dacebd7ed0a48a7c483deaeabef604bbd16eb6ecaa9c25f8e1646f2cba2649c323e0

        Download Submit

      • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
        Filesize

        8KB

        MD5

        13efb428d64d5ecf994c768eef7fec5e

        SHA1

        18e73d090399e5b0d2db6b709b69bbefc31c417d

        SHA256

        a0174ab2dbb93e6f8e696cc77a0e68353f9aa802c28e9173c15dbe1166c1671f

        SHA512

        635c8bc355ad31bb4523dbfd7d8cfdde0cf5ffef1f3dc649ef3b6e32822c2df134480cf4d254f84c9ffc12bf028ed7cf443a081df85fcc67ceb4887b5cba005b

        Download Submit

      • memory/2024-51-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-44-0x00007FFC512D0000-0x00007FFC512E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-48-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-50-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-49-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-136-0x00007FFC512D0000-0x00007FFC512E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-52-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-54-0x00007FFC4EF10000-0x00007FFC4EF20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-53-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-47-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-45-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-43-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-42-0x00007FFC512D0000-0x00007FFC512E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-40-0x00007FFC512D0000-0x00007FFC512E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-46-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-39-0x00007FFC512D0000-0x00007FFC512E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-38-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-102-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-103-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-104-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-55-0x00007FFC4EF10000-0x00007FFC4EF20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-41-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-37-0x00007FFC512D0000-0x00007FFC512E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-142-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-141-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-140-0x00007FFC91250000-0x00007FFC91445000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2024-139-0x00007FFC512D0000-0x00007FFC512E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-138-0x00007FFC512D0000-0x00007FFC512E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-137-0x00007FFC512D0000-0x00007FFC512E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3316-0-0x0000000000400000-0x0000000000496000-memory.dmp

        Filesize

        600KB

        Download