Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

4757bfc0ca...61.exe

windows7-x64

10

4757bfc0ca...61.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2024, 22:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4757bfc0ca2cf9c44700dc7c62d9f361.exe

  • Size

    312KB

  • MD5

    4757bfc0ca2cf9c44700dc7c62d9f361

  • SHA1

    951099744888460018f1fdf738e43f5ee3dffcf2

  • SHA256

    55b0000c25f39aea4b6750bc0c9db591d0f83b13f788a506460ab3a3a2cac44e

  • SHA512

    99de2eb68ff103833de95a5d98e6e976dafc60dd1d45bf1272f607011b846d86f6b88461bd51d99dd934e55987fc016ae60c020d00bd552bef3a5d1791ad3976

  • SSDEEP

    6144:8KkafWxJYw4xusHwsY0sQenWuPxnyXX7:9fWxJIAsQsY0+R

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4757bfc0ca2cf9c44700dc7c62d9f361.exe
    "C:\Users\Admin\AppData\Local\Temp\4757bfc0ca2cf9c44700dc7c62d9f361.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Users\Admin\yoowu.exe
      "C:\Users\Admin\yoowu.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1824

Network

  • flag-us
    DNS
    ns1.musiczipz.com
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musiczipz.com
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixa.net
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.net
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixa.org
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.org
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixa.org
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixa.org
    IN A
  • flag-us
    DNS
    ns1.musicmixb.co
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixb.co
    IN A
    Response
  • flag-us
    DNS
    ns1.musicmixb.co
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixb.co
    IN A
  • flag-us
    DNS
    ns1.musicmixc.com
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.musicmixc.com
    IN A
    Response
No results found
  • 8.8.8.8:53
    ns1.musiczipz.com
    dns
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    63 B
     136 B
     1
    1

    DNS Request

    ns1.musiczipz.com

  • 8.8.8.8:53
    ns1.musicmixa.net
    dns
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    63 B
     136 B
     1
    1

    DNS Request

    ns1.musicmixa.net

  • 8.8.8.8:53
    ns1.musicmixa.org
    dns
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    126 B
     145 B
     2
    1

    DNS Request

    ns1.musicmixa.org

    DNS Request

    ns1.musicmixa.org

  • 8.8.8.8:53
    ns1.musicmixb.co
    dns
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    124 B
     127 B
     2
    1

    DNS Request

    ns1.musicmixb.co

    DNS Request

    ns1.musicmixb.co

  • 8.8.8.8:53
    ns1.musicmixc.com
    dns
    4757bfc0ca2cf9c44700dc7c62d9f361.exe
    63 B
     136 B
     1
    1

    DNS Request

    ns1.musicmixc.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\yoowu.exe
    Filesize

    92KB

    MD5

    98011935974f7c2b60ac335013677ce6

    SHA1

    710c57aa95dbdf2e946bf1b9f058d2db5f63e246

    SHA256

    673cac15eed43b243cdad3d8f2349265b66c23e491453574e63156ba13c0dc32

    SHA512

    3650847b54ffec13dfeb024aeab495332180b0401d2cdcec95b47f13dde1b44134a1cc4fd93281072e6978db5f94426036c3212903f4fa839d99b91bf2f3d175

    Download Submit

  • C:\Users\Admin\yoowu.exe
    Filesize

    312KB

    MD5

    d30eeda1ced4d54716a8acbdff255028

    SHA1

    5ca4ac535fcafe9335cbb08f8dcb02f4c4e1ff96

    SHA256

    44974e9a0a445e045ac09ba177ff03f91e115647e7db1538302cd97149749121

    SHA512

    e7da1f4fbd116421038a715a8d81bdef911015ca42b471325e1fa8341d8818379fd3b426fb4d2ca0e32f2d2b1eb069c51b30fbb25996aa4088ac48193de050dc

    Download Submit

  • \Users\Admin\yoowu.exe
    Filesize

    93KB

    MD5

    72ba4a9d5128c73d1bd04f89ca863b6a

    SHA1

    49d143555cbf8d2cac22a5313fd693f272dd4056

    SHA256

    48a020e3219cf7b492252ecab04b566bcadc0f96e711c2a62acd295d2101b559

    SHA512

    f192c58951b73a0f102317aefb17480de583b0ee44467fa05bae2ce1e98fb24a5cbc1f48d348cdebdfbde14d69e775f2af28954b6ba3be2d0d7223531862ccc1

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.