Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

DLLLoad.exe

windows7-x64

5

DLLLoad.exe

windows10-2004-x64

5

Hamachi France.url

windows7-x64

1

Hamachi France.url

windows10-2004-x64

1

TeknoGods.dll

windows7-x64

5

TeknoGods.dll

windows10-2004-x64

5

teknohelper.exe

windows7-x64

5

teknohelper.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    192s
  • max time network
    213s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/12/2023, 20:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    teknohelper.exe

  • Size

    457KB

  • MD5

    a5dbf2b7cedc1bc16324b906d6c4e79c

  • SHA1

    d78da1c2d3fc9e3a6039537e0901986637b21822

  • SHA256

    43fc888c86ca530aadddf0b7a3874981fdbf6ffdfeb17566e669964b8fc158bb

  • SHA512

    58a205edfd79458686035063c50afc301771fdbba1150201c64a4fae279a648c05b9055b1279587ab2715b39a4d1446f7c419402634e254a4ac4da679695a518

  • SSDEEP

    6144:WpvhSvqHoHPjfx5ONI/nwugiLGCnNYkgRzw/4nVZeg9ZJm1N+SdfmK/SAy0:svhSyILJ5bnwuLL9nN8wy59ZI1wpay0

Score
5/10

Malware Config

Signatures

  • AutoIT Executable 3 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\teknohelper.exe
    "C:\Users\Admin\AppData\Local\Temp\teknohelper.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\disable.gif
    Filesize

    95B

    MD5

    17ed44fbb41d2582e5fdce0cf8f6f5c8

    SHA1

    ef2e3d9a288279bf8f9aa8a90632c36e03cf0dd4

    SHA256

    94d67732be172a0f16383fe05b711419adaf847873f0a8786262d42a4eb65b32

    SHA512

    865e5f71b517c79f196b4b90d6208120ae62c092a14eb4e4bbb508db4c9f73b191ed29e967658c26ac81902890188f2ea921a7baa43fac89e46cf5b893287ff0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\logox.gif
    Filesize

    28KB

    MD5

    0e9addb0fb4415daaf68cfb63377bde9

    SHA1

    d25e042177906c8c9800f206bea3e3af8be7701d

    SHA256

    fa64a812e738a1d69946fac117cd94cd34a0ae57d396fccbc849f3a87ace184d

    SHA512

    875a3f42ad4e6845506f5ffafef8848ea369ec07af1b4da7329269a6a488097e26f380a4fb2f75da67adbbcca5a1019ed7195f04e6980138f1761fd62cc0c4a5

    Download Submit

  • memory/2588-0-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2588-1-0x0000000000130000-0x0000000000133000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2588-33-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2588-36-0x0000000000130000-0x0000000000133000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2588-38-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2588-43-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download