Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/04/2024, 23:21

General

  • Target

    9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe

  • Size

    156KB

  • MD5

    0a94dcc9c9597999f002e07aed1ed3f0

  • SHA1

    d6b00b973044a07414c3773d9d453a434c3b8906

  • SHA256

    9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c

  • SHA512

    bfb65a9ca940dc66d5c7c6f6602b9d4c9b1ce0885011736a6516e91eae51610434457b4a750a9ebbc00f23e89032849a5eac009f4bf5a6da3971875b3c463954

  • SSDEEP

    3072:ZANPhL39GsZtSxch3Z1C5GbWyleXkbxy6cuH8Al4oQZiEjRl:2PhQsZ5b1OGbU0NBzXWpr

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Adds Run key to start application (2 TTPs, 52 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe
    "C:\Users\Admin\AppData\Local\Temp\9000b8a07cd2619399494357f934c7c601e8ace11617e79847b69ee8017d800c.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Users\Admin\suopao.exe
      "C:\Users\Admin\suopao.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3056

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\suopao.exe

    Filesize

    156KB

    MD5

    4799d25af5b6f98d871cf318c0bc1cdc

    SHA1

    0d14526cfaa9f514231493d597d36c12e3132590

    SHA256

    def824ffe063a503617459cf38aa56fbd4eebac3eee9fe647c141295d37b057d

    SHA512

    4127f1f2f95843bd2b69ca0895731df2498dd72fc64116d700ad993e28917be4655578409ec24b517ec72ea0ea6454ff892df692cf1ebda7c47d740a14f6f816