Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    199s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/04/2024, 05:52

General

  • Target

    2cb3b15d80b24820461e96eb0e1eb136.exe

  • Size

    180KB

  • MD5

    2cb3b15d80b24820461e96eb0e1eb136

  • SHA1

    c83a6bda6b18170f8a57a87d8878d6e912e32751

  • SHA256

    f5dc2c5f28f2ee04bcc8be8db65b50d56890c8a0145a3a4319215d51bba2350a

  • SHA512

    11b87bdf8a72de068247e57bb9aa227e3d3b9fe8461058bc8cfbd82efa2dacb7f89418b4dd2aed1fefac7e75454c317fb1cd5a9d6cf592ef8daad013a9dc77c7

  • SSDEEP

    3072:PFKSaAr21MlttMFz8o+F334VSlkfoyHYb/zCHPEhg5JN8x+eDfcAuQPUS9rulDB:PFi1MltKaJkHHYb/zCHPEhg5JN8x+eDK

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2cb3b15d80b24820461e96eb0e1eb136.exe
    "C:\Users\Admin\AppData\Local\Temp\2cb3b15d80b24820461e96eb0e1eb136.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Users\Admin\fuadox.exe
      "C:\Users\Admin\fuadox.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2316

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\fuadox.exe

    Filesize

    180KB

    MD5

    ef20b7d638a05348503c0eb79ccb7e5a

    SHA1

    b95bbb6e8617708acf4d13604aac353b9631e7b8

    SHA256

    0146380a0c9848c32cf018a7f7854b29568b771ee28362d558ba46c959ab130d

    SHA512

    ccf3cbf36ef51d22a983c18fd05f125f756845977da7998edbc269839a304695b369bd7aac2e2e958e64fe435654be6785abb3671f832c67fbb14a0ef551dd22

  • memory/2316-15-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

  • memory/2316-22-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

  • memory/2468-0-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

  • memory/2468-14-0x0000000002EA0000-0x0000000002ECD000-memory.dmp

    Filesize

    180KB

  • memory/2468-19-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

  • memory/2468-20-0x0000000002EA0000-0x0000000002ECD000-memory.dmp

    Filesize

    180KB

  • memory/2468-21-0x0000000002EA0000-0x0000000002ECD000-memory.dmp

    Filesize

    180KB