Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1caf10a365...99.exe

windows7-x64

7

1caf10a365...99.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 01:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1caf10a365519f652849092cea735b99.exe

  • Size

    62KB

  • MD5

    1caf10a365519f652849092cea735b99

  • SHA1

    3cf1780504438c91bb0e6be7739afc1cab0103bb

  • SHA256

    37970affc03207fcc98390c0b1d3f9e99c748a422d2ad228625701bd1bb1c458

  • SHA512

    725b5e73afd94526a21675138179f0bf9b37b71c6e50716ef9f61e0720e2a684d237739020b841048b31195607505cb679c508d391130f643cb004c5430f656b

  • SSDEEP

    1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1x/9lfL+gniDSc9S:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7U

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1caf10a365519f652849092cea735b99.exe
    "C:\Users\Admin\AppData\Local\Temp\1caf10a365519f652849092cea735b99.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Users\Admin\AppData\Local\Temp\hurok.exe
      "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\hurok.exe
    Filesize

    62KB

    MD5

    da7a9b2330e74197f45c53a3bc9b27b3

    SHA1

    673a65af895f05f6ed0d41f824835bc268410bde

    SHA256

    2be9d918351c9daa11967f30e27fb0fc5d39609ddf9f33351bf3b64d2d62e2b5

    SHA512

    4ae1ee44cabb610d01e62261c015ff4035d75686d1e6b6df8320adcea7f9203b9e192510a5110a0be14cbdf6a241ccbac8f3ab681d8ce5d8f2c661df6694bda1

    Download Submit

  • memory/2932-0-0x00000000001C0000-0x00000000001C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2932-1-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2932-8-0x00000000001C0000-0x00000000001C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3068-18-0x0000000000230000-0x0000000000236000-memory.dmp

    Filesize

    24KB

    Download