Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

7f724f16e1...4e.exe

windows7-x64

10

7f724f16e1...4e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/01/2024, 09:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f724f16e198623f22bce89fa06d8c4e.exe

  • Size

    216KB

  • MD5

    7f724f16e198623f22bce89fa06d8c4e

  • SHA1

    3fa152bc31516cfb650b922437862cd9ae41bc64

  • SHA256

    53a8ce69fa26961c132151a90a3acf2681f4b7c9960813d9a8a41b6b83e4561e

  • SHA512

    beba08f2a0e4de82e74086266060a8bd731a250e5f4a123d923ce5a847ed9f26123acab7716ea049ae8b6b631beb52ac8f992da711f4ab195ae932272da7d514

  • SSDEEP

    3072:SFvdCkdoHFGFooobAqzNOEbOKZbtpGPsLxN:SFv0NPseNmKJtpLN

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f724f16e198623f22bce89fa06d8c4e.exe
    "C:\Users\Admin\AppData\Local\Temp\7f724f16e198623f22bce89fa06d8c4e.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Users\Admin\houjui.exe
      "C:\Users\Admin\houjui.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\houjui.exe
    Filesize

    216KB

    MD5

    03f716a74b6b67a9ba32a7e3c58800a7

    SHA1

    3df51cf232271711c388cdc85993ca55d4544bac

    SHA256

    d199375362268e4623b9fadb3f46a06daf50b4d0a93aa3c84d85b9f450c2ddfd

    SHA512

    567ab92198134d4cfa28e1536d3d72568aaa24115f3687bda4d90f09e7fa2488a59854c80ea0f1152112f1f0701a24f46b3a266a20eb35f2ee28c5068fa3b4ef

    Download Submit