Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

86a04abc43...16.exe

windows7-x64

10

86a04abc43...16.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    167s
  • max time network
    180s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2024, 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86a04abc43302367987d735d1eec7516.exe

  • Size

    220KB

  • MD5

    86a04abc43302367987d735d1eec7516

  • SHA1

    a356c4cbe79222dc47a056501451cde8c3076420

  • SHA256

    7860d54f57f84f573dc8cc8b11bad483ebbe837bfef58d944ef46ac22d9be921

  • SHA512

    e12f9f2889bd3df7f269938367af0eab47b40d48fa46203ca832586e305f4cee34e453ecea026c569d4e6264eb3c91a2ed408f26b1a832a69d130644985787ad

  • SSDEEP

    3072:pexoX87v9mBhYlhgywlp2cQlftSymTlUMvCI2Zxo0:pexos+p2cQULlUzDx

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86a04abc43302367987d735d1eec7516.exe
    "C:\Users\Admin\AppData\Local\Temp\86a04abc43302367987d735d1eec7516.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Users\Admin\wiepui.exe
      "C:\Users\Admin\wiepui.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\wiepui.exe
    Filesize

    220KB

    MD5

    3272968955e865e220d3fe8ed2b3fa09

    SHA1

    e0f01bfb3330afb199484466e51f06492bda7488

    SHA256

    b5d613c68942227a3d397d39cd1b5f7f1ff9efe51b661bd62a0c22a2d9ac0511

    SHA512

    18655559278a531142ba73d2b96d181cca816defdad34d1b4e8622fd23483d25db053e404e2a24ade772bdcc303800d9c4a300d37293918fbe05596357e326fe

    Download Submit