Analysis

  • max time kernel
    151s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/02/2024, 02:04

General

  • Target

    95f49b599d020310a3295f5dcd4e652a.exe

  • Size

    172KB

  • MD5

    95f49b599d020310a3295f5dcd4e652a

  • SHA1

    4b0912d3f90e33a64b626a210af908634f7f3ef5

  • SHA256

    791f17b24ca5e8171191f6b27e38622240e5ce3b777e81251dd4480d2f4a2281

  • SHA512

    c77300b1c02d4ff1062f8f6abfc34d7d5fc92274452393b22ed0f8dc1429fd203759e7c0251d5cb0eb39528469d3234d648d757e7cce16e9af9c2c9dd7e28dce

  • SSDEEP

    768:wQxIN2L0LOA9YP9/OdwiuvxKH5esBk/WRUDiyIdVngJ9N/NRf/SxMA4RvmW5cH2:wmjqYP9LHTJ9VNRXSxMA4p5cH2

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95f49b599d020310a3295f5dcd4e652a.exe
    "C:\Users\Admin\AppData\Local\Temp\95f49b599d020310a3295f5dcd4e652a.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:180
    • C:\Users\Admin\naepi.exe
      "C:\Users\Admin\naepi.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2020

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\naepi.exe

    Filesize

    172KB

    MD5

    81d54848ab96f2249a7f41da88e69943

    SHA1

    e9d40692caac575ac941aeeed1a533d317e120b4

    SHA256

    2404f72c392fe9af47986c7e2566ee428df8ba6f1beb3279cdcfde580eed77fc

    SHA512

    87e59ec7a1f25e71a7c5b2c0512cbdf76b3565495dcf6554b35a497ed17e46bdc123d43b8ea60cd5f9123d3a63caa915c5b62e6ea9209f110f036f83cc8b80f8