Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    15/03/2024, 21:49

General

  • Target

    8e7e2d0aaf432de598f202594d01fa57ed15f12389f10cf3f813e9bf7aa3c8ca.exe

  • Size

    204KB

  • MD5

    1e3bca8a0a3c19aa05e66613d0192f5f

  • SHA1

    ff0cbee34f8b833cab98134ebb0ae9bd10eeac78

  • SHA256

    8e7e2d0aaf432de598f202594d01fa57ed15f12389f10cf3f813e9bf7aa3c8ca

  • SHA512

    be1873bfd579b00d4cf8fabe0ef13b01fd6bd8857eca1c70a1c2004c9552586d830e831f68d4e1ca785bbe53acab3020cbfa881aaf43d4b3a985f131fac6e02c

  • SSDEEP

    3072:5mEW8uYH0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWVfY:g57w4QxL7B9W0c1RCzR/fSmluQ

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Adds Run key to start application (2 TTPs, 27 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e7e2d0aaf432de598f202594d01fa57ed15f12389f10cf3f813e9bf7aa3c8ca.exe
    "C:\Users\Admin\AppData\Local\Temp\8e7e2d0aaf432de598f202594d01fa57ed15f12389f10cf3f813e9bf7aa3c8ca.exe"
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Users\Admin\yeucu.exe
      "C:\Users\Admin\yeucu.exe"
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1496

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\yeucu.exe

    Filesize

    64KB

    MD5

    4217a152d085f5bc2707a9669ec58f3e

    SHA1

    e221ce3b120d4da615045146a7e25cadfb8c90cc

    SHA256

    04a7709a7e6ddfda37ff351bcf4ec4d40e8c984c797a7afff457d5bc2cd3e799

    SHA512

    8efed298d190110acbe7f7d8d9ed6c6ced9bf52d5e9d7e980805a34e2cb9a15955625e642a7200dc007c9dbeb6e134e171fa92cd5713a1122fe10944ea3232ca

  • C:\Users\Admin\yeucu.exe

    Filesize

    204KB

    MD5

    683dd831f3c33fa440df69adf1abd3a7

    SHA1

    aac463a3de42e7bc8a24eee82984fd51a663f257

    SHA256

    fccfc42c03b06e934142cd99ac74284c750c84389acaddf881032d556eadde9f

    SHA512

    e85335490d174fbf8efb785de5e77706e668a847e76881e51ab12231a498ca05803ac9532705b1582a84c60773c8affec64cb5ad52d125e805c69110f0edf2ba

  • C:\Users\Admin\yeucu.exe

    Filesize

    128KB

    MD5

    70423bc57b5f5291f822927ebfe74051

    SHA1

    2b9a180133dc8276926f7ff420a7b1386471457f

    SHA256

    b56ae7a1cb6a7863e0b62fd41d5053fe565896a18679a04187bec93ce12a3e69

    SHA512

    75a44faa8021c724607ec65bc14b754d7730565694980342f2bf9589dc22c236716758abb755afdf075c5321300ad641c668bfb390320d35290fc2468c3cee05

  • \Users\Admin\yeucu.exe

    Filesize

    126KB

    MD5

    dd10fdb6257f1183786d7242468b35ea

    SHA1

    78f8f30c1c4d266bb7265c067816495ab9fbadea

    SHA256

    4949c805fff4480344d2869122d37ff44c88b213276aa829a23c27d21f729d9a

    SHA512

    535b397debcfb0f76f6c6f4cbe364c8cee005df9d2056998748ba1501d8884a6b20378129f5c6f92273613fa0a3c3a6e0183f283348627638d97ad1c153ebadd
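The following PowerShell script is an added example and is not part of the tria.ge report. It turns the indicators recorded in the Signatures, Processes and Downloads sections above into a host check: it hashes any yeucu.exe found under user profiles and compares it against the SHA256 values listed for the dropped file and the parent sample, scans the usual Run keys for a value that launches yeucu.exe, and reads the Explorer hidden-files settings. The Run-key locations and the Explorer\Advanced Hidden/ShowSuperHidden values are assumptions about what the "Adds Run key" and "Modifies visibility of hidden/system files" signatures refer to; the report prints neither the registry paths nor the value names, so only the file path and hashes are taken from it.

```powershell
# Added example, not from the tria.ge report. Requires PowerShell 4.0+ (Get-FileHash).
# File path and hashes are copied from the report; registry locations are ASSUMPTIONS.

$KnownSha256 = @(
    '04a7709a7e6ddfda37ff351bcf4ec4d40e8c984c797a7afff457d5bc2cd3e799',  # yeucu.exe, 64KB
    'fccfc42c03b06e934142cd99ac74284c750c84389acaddf881032d556eadde9f',  # yeucu.exe, 204KB
    'b56ae7a1cb6a7863e0b62fd41d5053fe565896a18679a04187bec93ce12a3e69',  # yeucu.exe, 128KB
    '4949c805fff4480344d2869122d37ff44c88b213276aa829a23c27d21f729d9a',  # yeucu.exe, 126KB
    '8e7e2d0aaf432de598f202594d01fa57ed15f12389f10cf3f813e9bf7aa3c8ca'   # parent sample
)

$findings = @()

# 1. Dropped file. The sandbox wrote C:\Users\Admin\yeucu.exe; on a real host the
#    profile name differs, so search every profile and compare the hash, not the path.
$candidates = Get-ChildItem -Path 'C:\Users' -Filter 'yeucu.exe' -Recurse -Force -ErrorAction SilentlyContinue
foreach ($f in $candidates) {
    $h = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash.ToLower()
    $findings += [pscustomobject]@{
        Check = 'DroppedFile'
        Where = $f.FullName
        Value = "$($f.Length) bytes sha256=$h"
        Match = ($KnownSha256 -contains $h)
    }
}

# 2. Persistence ("Adds Run key to start application"). ASSUMED locations: the
#    standard per-user and per-machine Run keys. The report does not give the value
#    name, so match on the command line data referencing yeucu.exe instead.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PSPath/PSParentPath/etc. added by the provider
        if ("$($p.Value)" -match 'yeucu\.exe') {
            $findings += [pscustomobject]@{
                Check = 'RunKey'; Where = "$key\$($p.Name)"; Value = $p.Value; Match = $true
            }
        }
    }
}

# 3. Explorer hidden-file settings. ASSUMED mapping for "Modifies visibility of
#    hidden/system files in Explorer": Hidden (1 = show hidden files, 2 = hide) and
#    ShowSuperHidden (1 = show protected OS files, 0 = hide). Hidden=2/ShowSuperHidden=0
#    are also the Windows defaults, so this is context to compare with the user's
#    baseline, not a detection on its own; Match is left unset.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
if (Test-Path $adv) {
    $a = Get-ItemProperty -Path $adv
    $findings += [pscustomobject]@{
        Check = 'ExplorerHidden'
        Where = $adv
        Value = "Hidden=$($a.Hidden) ShowSuperHidden=$($a.ShowSuperHidden)"
        Match = $null
    }
}

$findings | Format-Table -AutoSize
```

A hash match on any of the four yeucu.exe values or the parent SHA256 is a direct hit; a Run-key value naming yeucu.exe is a hit regardless of hash, since the report shows the same path carrying four different contents during one run, and a copy on a live host may differ from all of them.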