Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

4b0b2e5e25...4e.exe

windows7-x64

10

4b0b2e5e25...4e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    155s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b0b2e5e25aefcf2a018bb58ce6f4a4e.exe

  • Size

    285KB

  • MD5

    4b0b2e5e25aefcf2a018bb58ce6f4a4e

  • SHA1

    d30d427278cbef519f124f5869855e049ad998cc

  • SHA256

    25a3d3859e33ba20bf5ce977c29c6a1aa33320de88b1e41e2e6235f3c764bb6f

  • SHA512

    521b87246f39df6d05aa272c8c6d552fa0612730545eae66185b38daae668078d6f5ec28d563ba19f3e427d3dec39fb0797f47c9955000cab9d575e95514164a

  • SSDEEP

    6144:KcnKjO4Cq9i3CmC0x5ASpwf7BFRf3axVbkHVj:dKjyqU3W0DCf7BFR/Pl

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b0b2e5e25aefcf2a018bb58ce6f4a4e.exe
    "C:\Users\Admin\AppData\Local\Temp\4b0b2e5e25aefcf2a018bb58ce6f4a4e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Documents and Settings\tazebama.dl_
      "C:\Documents and Settings\tazebama.dl_"
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      PID:3060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings\tazebama.dl_
    Filesize

    7KB

    MD5

    7fe854aad28a8f2a0eaf6f598735acad

    SHA1

    ba02538b52366f59d658abf35c83f21029b79d7b

    SHA256

    61ba266ab18868528873bec48bf8fbd8cebee053376dc81b8cd60fe9c0b323eb

    SHA512

    dfe0ed06ca9a09df47c67fd9beaf5580ea4dcbb8587138c22d93d7e98514f59cd0536187c487958b157cc029b95a900118d729e8e415b56fd3782ed1de3f168b

    Download Submit

  • C:\Users\tazebama.dl_
    Filesize

    136KB

    MD5

    7ae57aa2bf5dc3fe9d50a62c878cc1d7

    SHA1

    721ef8165c9f6f93b7e393d7283268de70b27b3e

    SHA256

    34ccc73674d594c4a6bfc1af4841ce9e70369cd21ebd89bb4ca552732efce8bc

    SHA512

    61a0fdac365d5d1de1caf9d6d3756c804dcd8aba11768ecb95e924fb7b31c6b93788d7686e49db186e268ff49f5103fd8a27c5db0301ab16983383d37db2541f

    Download Submit

  • C:\zPharaoh.exe
    Filesize

    149KB

    MD5

    e19d8acdfe221ee2e142172a4bc39748

    SHA1

    670b2d3dc0a84bc4d3b42ae98480a8eb568e9124

    SHA256

    59fb0251e0e473446d92d0a9c4877ffbfe40275c718a2b59b96b791b7b5ccb2e

    SHA512

    ac03104a4a684483ec50dc29d49b575c47607716cd18257a796a3cef580905ca62a4cb04a9cda78d911f1d61e0f8a2af07ecacf4f5b51347e6c38887cbe746d0

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-3308111660-3636268597-2291490419-1000\RCX6328.tmp
    Filesize

    69KB

    MD5

    8ba404e90194c38541e324657e72f74c

    SHA1

    ad9fda28f95b7747579a7fbb8a18e1d1e6311a49

    SHA256

    8145e4c62390f9c55343cc6dadb790dc2cb9463c4f578fa57bf43f12c4720340

    SHA512

    1f594ebb6b970c9cb86b97d642351106a52db407c6e90db7391b50e97a1136e5ba13aeec66c9b985192c377d8c5c70d3746a00f37bcc83855fea316cf8d82362

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-3308111660-3636268597-2291490419-1000\S-1-5-21-3308111660-3636268597-2291490419-1000 .exe
    Filesize

    112KB

    MD5

    87a148b02d9f3fb23f27a8b903ee7dc8

    SHA1

    0deb87175c9af97120aa3b1d60016af5598cfea3

    SHA256

    7c3454ab9550f4792408c665506c021e451a990a29b0eba31f3ab2d10f20d3de

    SHA512

    aa42acb96027f3e998c1a8715518e08c49853c701e431a6402273e69467a5dbab44815d80bcd81b89b321584a2cf1e3d8ee29fb102982980a75cc7785bf857a6

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-3308111660-3636268597-2291490419-1000\S-1-5-21-3308111660-3636268597-2291490419-1000 .exe
    Filesize

    151KB

    MD5

    9e1c71f2ce8e7a43cf22c2dd1a893d40

    SHA1

    f74b52a7a804d837d27c83b566e539d4171b0060

    SHA256

    d571ed02084514d6a9fa1b5d87caf960a87737e893c8fe5d1b4ed67b520025db

    SHA512

    05d9e1bf75e2f80570a077506bd2673c86a3ca6ff42c539ee903fc211a4b54cf1edff5900c74a848facf068870c31d88fe0650001e3929b1d6e45ac40607a211

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-3308111660-3636268597-2291490419-1000\WinrRarSerialInstall.exe
    Filesize

    151KB

    MD5

    f529b0f248564d09e25e4b5e9512a1e6

    SHA1

    efa8a91c9d7a994cea1a80cd3a96dc02a16736c9

    SHA256

    c469346a0134de75110559132779768473662e46df00918737270f57234c5e8a

    SHA512

    b56409adf4e61add1293d20a815429fe36e3838ce17cae1fa34bb47a2565c582c3d50a9a6d18fad04b4e3b716bb03dec1e34ed8bfbba58f8cf2d2970b1ae3d58

    Download Submit

  • \Users\tazebama.dl_
    Filesize

    151KB

    MD5

    584236ebab3d43c6332e2cf0592a3f6e

    SHA1

    bf2c09f54779c516adc3a3f0bdf60a040dea64f0

    SHA256

    a2cc1f2a2957608ef76da86b6978d11b92364ad03f923478d9839190045815dc

    SHA512

    9e2a5c71f650c36ee26fbbf5f40aabb5805dc3aefe2b2fb9d3ed437ed7c41a549c8d7a22fbb4c43027f1114a6238e09a2449bff02988f047dfed6d6e443d62cb

    Download Submit

  • \Users\tazebama.dll
    Filesize

    32KB

    MD5

    b6a03576e595afacb37ada2f1d5a0529

    SHA1

    d598d4d0e70dec2ffa2849edaeb4db94fedcc0b8

    SHA256

    1707eaf60aa91f3791aa5643bfa038e9d8141878d61f5d701ebac51f4ae7aaad

    SHA512

    181b7cc6479352fe2c53c3630d45a839cdeb74708be6709c2a75847a54de3ffc1fdac8450270dde7174ecb23e5cb002f8ce39032429a3112b1202f3381b8918c

    Download Submit

  • memory/2972-14-0x00000000003C0000-0x00000000003D6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2972-16-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2972-47-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2972-2-0x00000000002B0000-0x00000000002D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2972-0-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2972-1-0x00000000002B0000-0x00000000002D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3060-17-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download