Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    07/04/2024, 23:23

General

  • Target

    90f83af1b9a84f96494b7e7a6298699710869efb6a7a892a6f66e4a251b0bb38.exe

  • Size

    188KB

  • MD5

    d2e14ee9cce5f853c9030fad44379424

  • SHA1

    68cc4586304f48a0bb057f75d9acac2c3d25b3b3

  • SHA256

    90f83af1b9a84f96494b7e7a6298699710869efb6a7a892a6f66e4a251b0bb38

  • SHA512

    fba4c9b9daa3b549e35ef551a6022c0066ef7194f31a51dc5dc3ed4579c5704295c889422c93d9f2e3e57fe73d4f8970b86667b21a935a71ea3e3c234cd26a8c

  • SSDEEP

    3072:K7fyp+k5ROnFVR5pY0hrDGILpLI0M/Dk4KrfXRdjnbk9bOlezfQnFTTvprw1Wevd:K76p+7CKs0tzXRdjbk9bbyvprww8W

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90f83af1b9a84f96494b7e7a6298699710869efb6a7a892a6f66e4a251b0bb38.exe
    "C:\Users\Admin\AppData\Local\Temp\90f83af1b9a84f96494b7e7a6298699710869efb6a7a892a6f66e4a251b0bb38.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Users\Admin\reook.exe
      "C:\Users\Admin\reook.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\reook.exe

    Filesize

    188KB

    MD5

    0a15197df75677b51aab0578741c0876

    SHA1

    af4692cf2f190d2ed27a40ecb5df8e4b3a8b51b3

    SHA256

    cbea2788b8f4290fb1c08e19103e39da1098fa9c228c1cedadcfaabc92a82683

    SHA512

    fbd3420a686cfcfb97a84fd71a7cba36d0c431b653c45879abacd80eef45ccd4eead2e27aa0497e3bde8e4ebb072a748c02d3eec46ef1b520cfa5f94a1bdd915