Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

4bccbcbd9a...c6.exe

windows7-x64

10

4bccbcbd9a...c6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bccbcbd9afdc5a5414bb4e3a5baf9c6.exe

  • Size

    248KB

  • MD5

    4bccbcbd9afdc5a5414bb4e3a5baf9c6

  • SHA1

    2701ffd37a285dd99d7f2f7e6f040e9c31124d91

  • SHA256

    9d74a521cf853fcecfca10f501c7b88ebe5a11434722ebae15d9a33121152e8a

  • SHA512

    bc50ac763159f2e801fe3f31cc3f4c976f639beba2ceda90dee0a086ec26f9ed211fbaf53496605e5eaab0dbe21cbfc7c20641f6ba1fd8fcc1f9c3fba7053d2a

  • SSDEEP

    1536:S+gu3c9YnLmU9tlk81NM6MoAUK1bWYxYZ8Q6iwkSQ7A/XZKl/YWAISDKowoz/GHg:Fgu3klUPlk83AzxYkijDcdeD4x

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4bccbcbd9afdc5a5414bb4e3a5baf9c6.exe
    "C:\Users\Admin\AppData\Local\Temp\4bccbcbd9afdc5a5414bb4e3a5baf9c6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Users\Admin\reere.exe
      "C:\Users\Admin\reere.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\reere.exe
    Filesize

    248KB

    MD5

    a20c1842cc06d1e5a6d35259f2d26a87

    SHA1

    d02f1ee24d8ebf11de1bbe1020f8714793bbd38c

    SHA256

    a0e57dd36c0e501680941c8da0b9753065b65778a6cea7ed04473b7ad7279aae

    SHA512

    b385d22dc4d6a989506d16297bbf76b23b05064368a77d56d0de95d012fc9d24b53609c3eb5102f4d7ab3c17cc12aa1e0e0d303dbb8406a90dd7efd2fe38e856

    Download Submit