Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/03/2024, 14:14

General

  • Target

    b25591ab4e20edd1bd7215763ef6afc0.exe

  • Size

    228KB

  • MD5

    b25591ab4e20edd1bd7215763ef6afc0

  • SHA1

    600b80c9d1b713f3ac60013630949023fa78e7fd

  • SHA256

    3202e7b3359e2973bbf80beda010304548b275c790afc7d9c7d7211b28e8c2ee

  • SHA512

    4cd8dceb64515f6c26f74e29b6acc98e41051e16e1598a76d5ce3e170327917843f6f7a4da820bda7738ef614c057850780667a68546db66c389d7e986079cf6

  • SSDEEP

    6144:wvkoPrMoZFOJaa82i2QIJ/UXEsH+3A06swOJRnCm5UjSQB:wvkoPYo2gabhQoUX/e3EsPJRgjd

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b25591ab4e20edd1bd7215763ef6afc0.exe
    "C:\Users\Admin\AppData\Local\Temp\b25591ab4e20edd1bd7215763ef6afc0.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\vuasait.exe
      "C:\Users\Admin\vuasait.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4188

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\vuasait.exe

    Filesize

    228KB

    MD5

    44bd5cfad7350d70d1082fe33bea7e26

    SHA1

    9021a3237b0310f66d30bdebf51b78e84441ce1e

    SHA256

    e89807796415b769cd70a3fd2a04565e154794788014229e0d7a2f022dac008d

    SHA512

    e61c52e014f7f2ce30cc3710d2cc4ba92b0c5995d467af3b7d490ec309727b7ea3f2a2c9c0331209a5871d1261679541c1e4a3589a66bf63aef85aa3ceea05a9