Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

smeet_hack.exe

windows7-x64

10

smeet_hack.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    162s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    smeet_hack.exe

  • Size

    132KB

  • MD5

    b9fe8ba9fa03b661875eafadef6deeba

  • SHA1

    26740c46154ebde429393343b1340718948d5d2a

  • SHA256

    793de2577ef5401c24923a67bd9dd270fba01a29a57b935793534a7b9b6e753b

  • SHA512

    42af1306dbfab18a54457a0caff59fff512f3a6be145fd45b92da7199307cb8781f066d7281be43594f2aaf288b8b02ffd6dd5bd0a0ce8f01d5eb46828fbd8ac

  • SSDEEP

    3072:+k/HpFI90No9z22drwEVIDEtc8aRFxhYi:THpFI9c2dswtcv7b

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies registry key 1 TTPs 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\smeet_hack.exe
    "C:\Users\Admin\AppData\Local\Temp\smeet_hack.exe"
    1⤵
    • Disables RegEdit via registry modification
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1164
    • C:\Windows\SYSTEM32\REG.exe
      REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
      2⤵
      • UAC bypass
      • Modifies registry key
      PID:2508
    • C:\Windows\SYSTEM32\REG.exe
      REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
      2⤵
      • Modifies registry key
      PID:2692
    • C:\Windows\SYSTEM32\REG.exe
      REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 1 /f
      2⤵
      • Modifies registry key
      PID:4212
    • C:\Windows\SYSTEM32\REG.exe
      REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
      2⤵
      • Modifies registry key
      PID:3020
    • C:\Windows\SYSTEM32\REG.exe
      REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 1 /f
      2⤵
      • Modifies registry key
      PID:3804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1164-0-0x00007FFC730B0000-0x00007FFC73A51000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1164-1-0x00007FFC730B0000-0x00007FFC73A51000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1164-2-0x0000000000DD0000-0x0000000000DE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1164-3-0x000000001B4D0000-0x000000001B576000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1164-4-0x000000001BA50000-0x000000001BF1E000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/1164-5-0x00007FFC730B0000-0x00007FFC73A51000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1164-6-0x00007FFC730B0000-0x00007FFC73A51000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1164-7-0x000000001BFC0000-0x000000001C05C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/1164-8-0x0000000000C10000-0x0000000000C18000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1164-9-0x000000001C0E0000-0x000000001C12C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1164-10-0x0000000000DD0000-0x0000000000DE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1164-11-0x000000001CC60000-0x000000001CCC2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1164-12-0x0000000000DD0000-0x0000000000DE0000-memory.dmp

    Filesize

    64KB

    Download