Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

7b9ad5bb7b...83.exe

windows7-x64

10

7b9ad5bb7b...83.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b9ad5bb7b835f4500d114ab663f5c83.exe

  • Size

    200KB

  • MD5

    7b9ad5bb7b835f4500d114ab663f5c83

  • SHA1

    62616ca6da20ab8d3063f9e45baee7d069d97357

  • SHA256

    d489d66321766c1a201d8925ebff564c80438748da2a156a492806fedad877a9

  • SHA512

    9b6913b5e15a6ed5351a6a3f6f1b753056ae57a80968a5376e9c599ba08c59f00542ec8fd39b51a5d250c02e4c9ae75deaaa35d8b05720eee5ded34a88d17042

  • SSDEEP

    3072:QIsMzFaDEKrEgQKfQ2OOOFOWhwO2OOOOOrOOOOhOOOOO3OOOF/7OOOOOMOsOOOi1:

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b9ad5bb7b835f4500d114ab663f5c83.exe
    "C:\Users\Admin\AppData\Local\Temp\7b9ad5bb7b835f4500d114ab663f5c83.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Users\Admin\biuawik.exe
      "C:\Users\Admin\biuawik.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\biuawik.exe
    Filesize

    92KB

    MD5

    0ee098ee139741fbb1be457ce04a6537

    SHA1

    1cabafc872469e8b1d73da48b620205dfba8f1fa

    SHA256

    48cb0854788d1c88dbbfaa75e23af6edb412a88fa65299feb1bc37ee1572a4e9

    SHA512

    de5240c137bf654db3182984426007d5e5f935a7b9c5450375cba29214e7ca6d4487002554eed4bf32bb8fe64d3b7e499b3555cd55f81e560b8babac6f7c3a31

    Download Submit

  • \Users\Admin\biuawik.exe
    Filesize

    95KB

    MD5

    6ef84d292b6736bb2caa2bcdeec04576

    SHA1

    adda8554213c457bfaf070d79e6340c4aedbd69d

    SHA256

    48d48522a77b0b6a34bd010b73bb0105c18f33ec8191398c3d0da9a6d334baaf

    SHA512

    c63005a23f372e1cff27e5bbbcee4d85c39e05e96b619d788043bd31f019a95c34edfb34f764a61a984d63f5974301e27d187878d3bf7adff814ec9e4c207ad7

    Download Submit

  • \Users\Admin\biuawik.exe
    Filesize

    93KB

    MD5

    285612703cd6e04fd607f6cb009078e5

    SHA1

    838177daed96c4bbce73545f9dd385825579c41d

    SHA256

    e1044136d4a041efaa2cdb35e7953b69c137ad0783117756866ae40f02d7ba2c

    SHA512

    76a49da165ba6a6d69623214ffab1710a22a3ad054a77a8eada015983a21596c16157646df96663f67912121cde32eb15e128c437441c3d69e74df01480e553b

    Download Submit