Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    147s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 04:04

General

  • Target

    276278b4aa15b7db6709f1a688bf9b3c.exe

  • Size

    292KB

  • MD5

    276278b4aa15b7db6709f1a688bf9b3c

  • SHA1

    3371dee3ca31ce6132fc406e3fb5ccd7a2e4010c

  • SHA256

    9fea684da202aad11ff27bf601e4af6a8e65c436c9aaf5f2e5628e31a78fd06b

  • SHA512

    c62ef540979be94844abb1b062e24de040910217be38810eae5e41c0d3c4ea7461efcca2d866615e8830cbcf4507b2b3c1cfd71747819971f02c1d8f1bae631c

  • SSDEEP

    3072:CnYOd4V9diKlqOBq7CFLuupaFBzxk7c7awSZohDnjV2S8NmMx3WarRDS/xtpTxzW:CoicnLuupszxk7USZoDnp23xmg9utEU

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\276278b4aa15b7db6709f1a688bf9b3c.exe
    "C:\Users\Admin\AppData\Local\Temp\276278b4aa15b7db6709f1a688bf9b3c.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\heixouj.exe
      "C:\Users\Admin\heixouj.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2340

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\heixouj.exe

    Filesize

    292KB

    MD5

    f500f7d28b035ab4a7bf59a509ba21ee

    SHA1

    006f7100969d0f5a8c24f88ef2f597ea81c45358

    SHA256

    efc31c5fb9dbecc17afb8212930b705eccb77938ba171b4a2c1eab92db5fe260

    SHA512

    1129344e148802ee9cb49d0b56d56dd5c63b9d980784e90dfdbba0203735bbd0310c449336da9b7e1442c90d7ab1396e6bff7ea82557dbd18be25a7294b27c9b