Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Keygen.exe

windows7-x64

10

Keygen.exe

windows10-2004-x64

10

Mocha.Teln...en.exe

windows7-x64

7

Mocha.Teln...en.exe

windows10-2004-x64

7

Mocha.Teln...sp.exe

windows7-x64

7

Mocha.Teln...sp.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 07:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Keygen.exe

  • Size

    20KB

  • MD5

    bda654eb40ad8f5eb14bf3b931a71270

  • SHA1

    202fa0ac769e7dfde7861584237127d4108ea3c0

  • SHA256

    291550e0bbf532a0cc0c5bfea5e6f24c084372ef52a02be09deac769d5cb7297

  • SHA512

    f603227def1e86bcf7cb4f2b285617836f652646dc06e18cf007fb4a327c5d19ffff132b68b27dab8567bedbfbd546c3993c005c674c5a28157cdb7c79a1b045

  • SSDEEP

    384:WU45yYGoUmCt0SFI0EU8wl35KO/tFdR1FpyqgJn28:Wr8oPCRF58wl35KO/tFdR1KZJn9

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Keygen.exe
    "C:\Users\Admin\AppData\Local\Temp\Keygen.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • Modifies registry class
      PID:1388
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3D67.tmp
    Filesize

    21KB

    MD5

    02940c74780ec9acf42351982efeb65a

    SHA1

    27546acf0a8e4b00ba2caa4e386c994d0d0e57f6

    SHA256

    bb93dc2435c167434ed6b5458f2dd5360d498198968dce995d4f4696bf74bc2a

    SHA512

    ec7b63f5732df051598c6d7c62c16412ce41c5586651a55ca406f0d2e63fe487dbd54cfba125b8510373c5e9952acabe644f86006ba8f42ea42a101dfe2d6061

    Download Submit

  • memory/1388-64-0x0000000010000000-0x000000001000C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1388-62-0x0000000000650000-0x0000000000651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-63-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3048-19-0x00007FFAF6DD0000-0x00007FFAF6DE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3048-22-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-9-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-10-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-11-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-12-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-13-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-14-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-15-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-16-0x00007FFAF6DD0000-0x00007FFAF6DE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3048-17-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-18-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-7-0x00007FFAF8E30000-0x00007FFAF8E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3048-20-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-21-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-8-0x00007FFAF8E30000-0x00007FFAF8E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3048-23-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-24-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-25-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-26-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-27-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-51-0x00007FFAF8E30000-0x00007FFAF8E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3048-52-0x00007FFAF8E30000-0x00007FFAF8E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3048-53-0x00007FFAF8E30000-0x00007FFAF8E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3048-54-0x00007FFAF8E30000-0x00007FFAF8E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3048-55-0x00007FFB38DB0000-0x00007FFB38FA5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3048-6-0x00007FFAF8E30000-0x00007FFAF8E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3048-5-0x00007FFAF8E30000-0x00007FFAF8E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3048-4-0x00007FFAF8E30000-0x00007FFAF8E40000-memory.dmp

    Filesize

    64KB

    Download