Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    05/01/2024, 05:34

General

  • Target

    42e33bb0b0f1efcdeb8742d674cd6806.exe

  • Size

    192KB

  • MD5

    42e33bb0b0f1efcdeb8742d674cd6806

  • SHA1

    d1def2f9ac899c9179379044bfa012eb8d7d8a9a

  • SHA256

    702aabd9e92b32e304ae61d2df9708c87990cb493f5cce4212f7b1e1781be3c3

  • SHA512

    b58132660ff1dcb8c062301c0429b74e0225b3f917240338b2d247279dbee7a452ca13b19304259450029ecb610bbe77be70339808cdfc3719ce3c26e69f0b07

  • SSDEEP

    3072:u948xI4/MJROnFnklHC5CTx0/Uqkf/9CUI5l7dp7LVMX1Wn84ogUR8ISTrOcO:uY4JMHCs3hbIBp3VMX1WBUR8dOV

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42e33bb0b0f1efcdeb8742d674cd6806.exe
    "C:\Users\Admin\AppData\Local\Temp\42e33bb0b0f1efcdeb8742d674cd6806.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Users\Admin\fuiizu.exe
      "C:\Users\Admin\fuiizu.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\fuiizu.exe

    Filesize

    192KB

    MD5

    ae32ac08652e04b1740085b42c14a6ed

    SHA1

    7ad5d7b18aca5a2700a6ffd1353747e7f52ee0cc

    SHA256

    1224602b53f54af5f449caf10d9dbbabc9fb23e86690473a4a7461145186092a

    SHA512

    1807828d8afd73983d0ec2a92227ffbfe866aada1f62e4237413916126bf332fef5dd667976868d77fb5fe133c7ddfe254843c142eafe21f79f0715ba161fe3b