Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 26/05/2024, 20:34
Static task: static1
Behavioral task: behavioral1
  Sample: 35d40cd5729bb99358a92c6d3f3c11c99b652b9320e674766db282eac9fd2e31.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 35d40cd5729bb99358a92c6d3f3c11c99b652b9320e674766db282eac9fd2e31.exe
  Resource: win10v2004-20240508-en
General
Target: 35d40cd5729bb99358a92c6d3f3c11c99b652b9320e674766db282eac9fd2e31.exe
Size: 53KB
MD5: bec880391cdc3cd24a8114303d90227a
SHA1: 190dee6e3fa40d0caf193f15a4764454700af98e
SHA256: 35d40cd5729bb99358a92c6d3f3c11c99b652b9320e674766db282eac9fd2e31
SHA512: 5dbae3d2f2575d1f3d9443a13c9ab79069f1242ba2284d2ab0bbdc2dc5570313bc05dfb68e6b741e7f040043996654ba486442895894f76e1f9e37342d4cb9c0
SSDEEP: 1536:vNeg8r8QZF+h/7Kp3StjEMjmLM3ztDJWZsXy4JzxPM0:UF+h/JJjmLM3zRJWZsXy4J9
Malware Config
Signatures
Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
  process: muirii.exe
  ioc: Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"
Executes dropped EXE (1 IoC)
  pid 2336, process muirii.exe
Loads dropped DLL (2 IoCs)
  pid 2152, process 35d40cd5729bb99358a92c6d3f3c11c99b652b9320e674766db282eac9fd2e31.exe (2 entries)
Adds Run key to start application (2 TTPs, 1 IoC)
  process: muirii.exe
  ioc: Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\muirii = "C:\\Users\\Admin\\muirii.exe"
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 2336, process muirii.exe (64 entries)
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 2152, process 35d40cd5729bb99358a92c6d3f3c11c99b652b9320e674766db282eac9fd2e31.exe
  pid 2336, process muirii.exe
Suspicious use of WriteProcessMemory (64 IoCs)
  PID 2152 (35d40cd5729bb99358a92c6d3f3c11c99b652b9320e674766db282eac9fd2e31.exe) wrote to memory of PID 2336 (muirii.exe), procid_target 28 (4 entries)
  PID 2336 (muirii.exe) wrote to memory of PID 2152 (35d40cd5729bb99358a92c6d3f3c11c99b652b9320e674766db282eac9fd2e31.exe), procid_target 27 (all remaining entries)
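Host hunt script for the indicators in the signatures above. This is an added example written by the editor, not output of the tria.ge report or code belonging to the sample. The value name (muirii), dropped file name (muirii.exe) and registry paths are copied from the report; checking every user profile and every loaded user hive rather than only C:\Users\Admin and the sandbox SID is an assumption, since those names are artifacts of the sandbox. Two caveats are built in: ShowSuperHidden = 0 is also the Windows default, so it is reported only as context, and the second SHA256 comes from the 53KB file under Downloads, which the report does not explicitly tie to muirii.exe, so a name match without a hash match is flagged as weaker.

```powershell
# Added hunt script for the IoCs in the tria.ge report above (editor's example, not report output).
# Assumptions: all profiles under C:\Users and all loaded S-1-5-21-* hives are in scope.

$KnownSha256 = @(
    '35D40CD5729BB99358A92C6D3F3C11C99B652B9320E674766DB282EAC9FD2E31',  # submitted sample (General section)
    'F5E1549210C2822C22D28035953A7DB1ED7284251EF4B1318E737E4B99B6DDA1'   # 53KB file under Downloads; assumed to be a dropped artifact
)
$RunValueName = 'muirii'      # Run value name from the "Adds Run key" signature
$DroppedName  = 'muirii.exe'  # dropped binary name from the "Executes dropped EXE" signature
$Findings     = New-Object System.Collections.Generic.List[string]

# 1. Run-key persistence. The report records HKU\<SID>\...\Run, i.e. HKCU of the
#    sandbox user; walk every loaded user hive so other profiles are covered.
Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
  Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
  ForEach-Object {
    $sid    = $_.PSChildName
    $runKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Run"
    $advKey = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
            $target = [string]$p.Value
            # match either the exact value name from the report or any Run entry
            # whose target ends in the dropped file name (optionally quoted)
            if ($p.Name -eq $RunValueName -or $target -match ('\\' + [regex]::Escape($DroppedName) + '"?$')) {
                $Findings.Add("Run key: HKU\$sid\...\Run\$($p.Name) = $target")
            }
        }
    }

    # 2. Explorer tampering (ShowSuperHidden = 0). 0 is the OS default, so this
    #    only matters if the user had previously enabled super-hidden files.
    $adv = Get-ItemProperty -Path $advKey -Name ShowSuperHidden -ErrorAction SilentlyContinue
    if ($adv -and $adv.ShowSuperHidden -eq 0) {
        $Findings.Add("Context: HKU\$sid ShowSuperHidden=0 (OS default; weak on its own)")
    }
  }

# 3. Dropped binary in a profile root (report: C:\Users\Admin\muirii.exe).
#    -Path 'C:\Users\*' expands to every profile directory; -Filter keeps only the dropped name.
Get-ChildItem -Path 'C:\Users\*' -Filter $DroppedName -File -Force -ErrorAction SilentlyContinue |
  ForEach-Object {
    $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    $tag  = if ($KnownSha256 -contains $hash) { 'KNOWN-HASH' } else { 'name match only, hash unknown' }
    $Findings.Add("File: $($_.FullName) $($_.Length) bytes sha256=$hash [$tag]")
  }

# 4. Live process, in case the dropped binary is still running (report: muirii.exe, PID 2336).
Get-Process -Name 'muirii' -ErrorAction SilentlyContinue | ForEach-Object {
    $Findings.Add("Process: $($_.ProcessName) PID $($_.Id) path=$($_.Path)")
}

if ($Findings.Count -eq 0) { 'No muirii indicators found on this host.' } else { $Findings }
```

Run it from an elevated PowerShell so that hives of other logged-on users and files in other profiles are readable; hives of users who are not logged on are not loaded under HKEY_USERS and would need to be mounted with reg.exe load first. A Run-key hit or a hash match is the strong signal; ShowSuperHidden alone should not be treated as a detection.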
Processes
C:\Users\Admin\AppData\Local\Temp\35d40cd5729bb99358a92c6d3f3c11c99b652b9320e674766db282eac9fd2e31.exe (level 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\35d40cd5729bb99358a92c6d3f3c11c99b652b9320e674766db282eac9fd2e31.exe"
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2152
  C:\Users\Admin\muirii.exe (level 2, under PID 2152)
    command line: "C:\Users\Admin\muirii.exe"
    - Modifies visibility of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID: 2336
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 53KB
MD5: 6bc9956acd8b11b23365d2c285be109c
SHA1: 25b4fcd05615df1f3b7e17ba5209ea5001b8ca2c
SHA256: f5e1549210c2822c22d28035953a7db1ed7284251ef4b1318e737e4b99b6dda1
SHA512: c5c77f8d7477925e05e040bc0de608f3a4e6b14f41ed24e0729c550d0306046cb76cdfc5c0ccd56c6f1c500fd1d545dbc74d1226e5af05c8db3956baf7502200