
Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/02/2024, 07:03 UTC

General

  • Target

    88dec62330d975d6d91a031ac5933768.exe

  • Size

    88KB

  • MD5

    88dec62330d975d6d91a031ac5933768

  • SHA1

    71844309956a65e7d0065253bf1ae0d28104c303

  • SHA256

    d48283abdd98ec1309c77f1bc7b6e4fb809e4aee822fcf850c644c1f3738924f

  • SHA512

    cbdf7f2db7a6c6a4fdbf2684a4f20656c481c331c5775bea2a7d66d4086d9827ce08c54b2f742f84e01c269f9179c93915c38995ea6ceadf2c326ad57c2c2230

  • SSDEEP

    1536:MocTCULyBgrLswwWGaWbWbobSbVbBbvJ1SmHZx9k1nKw7N8za:9cTCU1rv51Iq+

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 50 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\88dec62330d975d6d91a031ac5933768.exe
    "C:\Users\Admin\AppData\Local\Temp\88dec62330d975d6d91a031ac5933768.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Users\Admin\miouwop.exe
      "C:\Users\Admin\miouwop.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1864

Network

  • flag-us
    DNS
    ns1.player1253.com
    88dec62330d975d6d91a031ac5933768.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.player1253.com
    IN A
    Response
  • flag-us
    DNS
    ns1.videoall.net
    88dec62330d975d6d91a031ac5933768.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.videoall.net
    IN A
    Response
  • flag-us
    DNS
    ns1.mediashares.org
    88dec62330d975d6d91a031ac5933768.exe
    Remote address:
    8.8.8.8:53
    Request
    ns1.mediashares.org
    IN A
    Response
    ns1.mediashares.org
    IN A
    104.155.138.21
    ns1.mediashares.org
    IN A
    107.178.223.183
  • 104.155.138.21:8000
    ns1.mediashares.org
    88dec62330d975d6d91a031ac5933768.exe
    512 B
    412 B
    11
    10
  • 8.8.8.8:53
    ns1.player1253.com
    dns
    88dec62330d975d6d91a031ac5933768.exe
    64 B
    137 B
    1
    1

    DNS Request

    ns1.player1253.com

  • 8.8.8.8:53
    ns1.videoall.net
    dns
    88dec62330d975d6d91a031ac5933768.exe
    62 B
    135 B
    1
    1

    DNS Request

    ns1.videoall.net

  • 8.8.8.8:53
    ns1.mediashares.org
    dns
    88dec62330d975d6d91a031ac5933768.exe
    65 B
    97 B
    1
    1

    DNS Request

    ns1.mediashares.org

    DNS Response

    104.155.138.21
    107.178.223.183

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\miouwop.exe

    Filesize

    88KB

    MD5

    74cbc27e5749913f55ce066851c266a5

    SHA1

    63d350ea46fed8c499e84c6b8261ff6b336e0a48

    SHA256

    7fc137d6ff13ab1a77f6facf3bd80921b7a2bac45a63ef186fa0af32ebe299ec

    SHA512

    a0e8fac78b186b3f1c37f7c1b277e6c70e535bb6368e6c1174d4bebfacdaeb58a3629d5d217aa3c3e3bbfb0260b93a40e0034389de21d1f5ac4e5faac9456225
