Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    136s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 03:43

General

  • Target

    0d50dbd6b7c1009b886c869774026e08.exe

  • Size

    696KB

  • MD5

    0d50dbd6b7c1009b886c869774026e08

  • SHA1

    7e464a2023d8b08b01c171b4e1cb615570362294

  • SHA256

    0a1327918b6e25eeb22e76b29d1f6a9a56330dbb9a2a46eb678b3f077c68f788

  • SHA512

    5f533ab897b7b901cfa60bad67184d6a26ebacc28a85c67cbf898b995e787fbb26358d5d0d18bf2701ec22019255bf28122424c107302412454a2fb58746addb

  • SSDEEP

    12288:ob9cW5vyb8vFgL1LFYg9ysGbcHasDyb/lDfRq9+uJ7zk+nG8R5+YIHf8pw5a4Ec7:LOgJLFIcHb4/VfRq3JhG8RobEpcas9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d50dbd6b7c1009b886c869774026e08.exe
    "C:\Users\Admin\AppData\Local\Temp\0d50dbd6b7c1009b886c869774026e08.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Users\Admin\AppData\Local\TempImg\CheckVer104.exe
      C:\Users\Admin\AppData\Local\TempImg\CheckVer104.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4940
    • C:\Users\Admin\AppData\Local\TempImg\regver.exe
      C:\Users\Admin\AppData\Local\TempImg\regver.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:4480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\TempImg\CheckVer104.exe

    Filesize

    332KB

    MD5

    fa199dffc4991a36725e1a2d272e787e

    SHA1

    68c1db76a8080782e3f450e3f724e4e1564b18f6

    SHA256

    13c8453cb118d3f9d2dc2a1189633ab10162f902758320487f03daf124c4bb9e

    SHA512

    8dc6a2369dc87148ac45cd6ae37f33fcb32c4fd863d17f6166a41c7a4ef40edd6a4da0f57536f382e550add791bf678a5116e0f1cb440649be1b924c3a31a520

  • C:\Users\Admin\AppData\Local\TempImg\regver.exe

    Filesize

    290KB

    MD5

    9181b183dd3096301e7211ed0312de8a

    SHA1

    0c321747b581ad79da70dc9aab183cc12c3bbefd

    SHA256

    202fcecc53f1ffd2d1d85cc4cc79a24ae37285ce564e15615b5d13ca69487968

    SHA512

    5316e0511746c75603ba02eaf79b9aafbb29356f94279f466d3f17e9894082f14cf052ca3b8f52a149815e8c9b58f5d4b02ef1dcc3d677dc27032480f788adf7

  • C:\Users\Admin\AppData\Local\Temp\nsx4C5C.tmp\ExecDos.dll

    Filesize

    5KB

    MD5

    a7cd6206240484c8436c66afb12bdfbf

    SHA1

    0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

    SHA256

    69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

    SHA512

    b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

  • C:\Users\Admin\AppData\Local\Temp\nsx4C5C.tmp\System.dll

    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667