Analysis
- max time kernel: 150s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 07/04/2024, 18:20
Static task
- static1
Behavioral task
- behavioral1
  Sample: 07a689b13a762ea04a4ce737e1ab5bf07b941766b4dd39ce042733727cd82c66.exe
  Resource: win7-20231129-en
Behavioral task
- behavioral2
  Sample: 07a689b13a762ea04a4ce737e1ab5bf07b941766b4dd39ce042733727cd82c66.exe
  Resource: win10v2004-20240226-en
General
- Target: 07a689b13a762ea04a4ce737e1ab5bf07b941766b4dd39ce042733727cd82c66.exe
- Size: 180KB
- MD5: 6c195fdd3feed05dfb0f92bd596f0882
- SHA1: 9aaa4b3097944475d5126da567b1e9aa1b3a775f
- SHA256: 07a689b13a762ea04a4ce737e1ab5bf07b941766b4dd39ce042733727cd82c66
- SHA512: 108e38341c3698d5c3beedeb4e57e009d0e741a3f434c2e4506aea96fcbd9fab6865d5b92aa49251e8f524c2b12708f4664ace02109e2c51142286c5e66214af
- SSDEEP: 768:lM/HdK9ki5+OXe04H7cHPHYmug6UXQm1dIZE2ocOT77e:lkUqHyj6S3T77
Malware Config
Signatures
- Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
  description: Set value (int)
  ioc: \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"
  Process: laqeg.exe
- Executes dropped EXE (1 IoC)
  pid: 2144  Process: laqeg.exe
- Loads dropped DLL (2 IoCs)
  pid: 2196  Process: 07a689b13a762ea04a4ce737e1ab5bf07b941766b4dd39ce042733727cd82c66.exe (2 identical entries)
- Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\laqeg = "C:\\Users\\Admin\\laqeg.exe"
  Process: laqeg.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid: 2144  Process: laqeg.exe (64 identical entries)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2196  Process: 07a689b13a762ea04a4ce737e1ab5bf07b941766b4dd39ce042733727cd82c66.exe
  pid: 2144  Process: laqeg.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  description: PID 2196 wrote to memory of 2144  pid: 2196  Process: 07a689b13a762ea04a4ce737e1ab5bf07b941766b4dd39ce042733727cd82c66.exe  procid_target: 28 (4 identical entries)
  description: PID 2144 wrote to memory of 2196  pid: 2144  Process: laqeg.exe  procid_target: 27 (60 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\07a689b13a762ea04a4ce737e1ab5bf07b941766b4dd39ce042733727cd82c66.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\07a689b13a762ea04a4ce737e1ab5bf07b941766b4dd39ce042733727cd82c66.exe"
  PID: 2196
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\laqeg.exe
    Command line: "C:\Users\Admin\laqeg.exe"
    PID: 2144
    - Modifies visibility of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 180KB
  MD5: 72638a89bfc2a0f2e5d386d7f1e11f87
  SHA1: 8f3be8eb3ba2e7e051e32920a3ed2e4f04cb9718
  SHA256: 53b8278bcf25c0b127af218c7c9ebca1919af5ad5a9d0a970a73839b323f73d3
  SHA512: 5601606b65b7bbb2979fa73f5836aff9da128c9423d967bedff04feb989e149f6a88d8138f0fa526cea1d8bfef01a13e24fefc9075f09688ec335090578e0e3d