Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/03/2024, 14:14

General

  • Target

    b25591ab4e20edd1bd7215763ef6afc0.exe

  • Size

    228KB

  • MD5

    b25591ab4e20edd1bd7215763ef6afc0

  • SHA1

    600b80c9d1b713f3ac60013630949023fa78e7fd

  • SHA256

    3202e7b3359e2973bbf80beda010304548b275c790afc7d9c7d7211b28e8c2ee

  • SHA512

    4cd8dceb64515f6c26f74e29b6acc98e41051e16e1598a76d5ce3e170327917843f6f7a4da820bda7738ef614c057850780667a68546db66c389d7e986079cf6

  • SSDEEP

    6144:wvkoPrMoZFOJaa82i2QIJ/UXEsH+3A06swOJRnCm5UjSQB:wvkoPYo2gabhQoUX/e3EsPJRgjd

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 50 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b25591ab4e20edd1bd7215763ef6afc0.exe
    "C:\Users\Admin\AppData\Local\Temp\b25591ab4e20edd1bd7215763ef6afc0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Users\Admin\kueyao.exe
      "C:\Users\Admin\kueyao.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2688

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\kueyao.exe

    Filesize

    228KB

    MD5

    cb7a6584162fa2671378109e9b8fd584

    SHA1

    88762764b188536450d14777e23f8868a7363cd1

    SHA256

    4cabbdd4f2ebf2f620ea06b2d6e1643e709654a860f42b4e40eba9d2e0721765

    SHA512

    8892bde99d0733a1e80c74fcaa16180ebe6eb6ae77f4dca0752ffbd6189c7967d1aba7cba5621ebe912c533c35756bf7b22658a2a61e6ca7f36aad69e2cd2127