Resubmissions

28/03/2024, 19:58

240328-yp6h2afh52 10

26/03/2024, 19:31

240326-x8k6rsac82 10

26/03/2024, 19:29

240326-x7nv9sdb8v 3

26/03/2024, 19:26

240326-x5nsgsab94 10

Analysis

  • max time kernel
    1799s
  • max time network
    1179s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    26/03/2024, 19:31

General

  • Target

    40a30e39dfce70f5bba7b73dfe0bb97aa6a01b61ba9a3b20913159e077d5e465.exe

  • Size

    172KB

  • MD5

    d5d67479100e986a12e93f9be917bd9c

  • SHA1

    33fad2e93fffeee3c2b358e57d44b632cbfc8e20

  • SHA256

    40a30e39dfce70f5bba7b73dfe0bb97aa6a01b61ba9a3b20913159e077d5e465

  • SHA512

    aaebd28f8c8222ebe8b9080135fa1ee33729abc2787ea5d80cd877e0b8a7f0c1da60469658d8492a0a2567ffed3f15ae94969c91942554488f58d5ef35f88853

  • SSDEEP

    3072:jbx0J+a0UAVTj2XAwqr6HFjuoF+N7bZD16iYIQusGGTkLGFMMalHSXvhSkXWnU2X:jbNa0U+j2Qh69uoF+N7bZD16iYIQusGN

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40a30e39dfce70f5bba7b73dfe0bb97aa6a01b61ba9a3b20913159e077d5e465.exe
    "C:\Users\Admin\AppData\Local\Temp\40a30e39dfce70f5bba7b73dfe0bb97aa6a01b61ba9a3b20913159e077d5e465.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1136
    • C:\Users\Admin\megoh.exe
      "C:\Users\Admin\megoh.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4972

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\megoh.exe

    Filesize

    172KB

    MD5

    93849bda82fc9d76aef91849a698293f

    SHA1

    82af6cbfbb3255583170519af9958391782639b8

    SHA256

    2ec796495250822aefaffbdc28f00600f4b14857185f866e30058f6dc4e47cf5

    SHA512

    1ac8d213441ababdfd1a484917ad3b8cb259719873cdb84182fcc845b197322b027fe1dbdb8e36e7da6ceef1c35cfa71d5a29d780aee6c1383ce2cb8e96847e7