Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8261e9f4b8...4c.exe

windows7-x64

7

8261e9f4b8...4c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    01/06/2024, 23:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe

  • Size

    448KB

  • MD5

    832a45c68255355a4afda0c7634295ed

  • SHA1

    3c91743c3f36a1d4295a6a4ca0ffa59181a937c5

  • SHA256

    8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c

  • SHA512

    14a3d7d6813c26b72e147134d8a1a130d352dcd4847d05d19660e6dfbf609af8cdf61bf025436c9d85fdf6380dee26dd864cfb07786ea689653ea538b6ee01f3

  • SSDEEP

    6144:Cc1I07FfYYRv0tjdA5qBdpWiFokEjWbjcSbcY+CaQdaFOY4iGFYtR:F6sZYYRv0tjdTdzFokFbz+xt4vF

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe
    "C:\Users\Admin\AppData\Local\Temp\8261e9f4b828aff9ac6e8671686e62582d2a6ac736c24ae8c5dc0d126510594c.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\windows\BLKEF.exe.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\windows\BLKEF.exe
        C:\windows\BLKEF.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\BLKEF.exe.bat
    Filesize

    56B

    MD5

    b33e7d5a06e9f64af17b4c6c44932f9f

    SHA1

    4602a1253fa60612a27968255bdd41104d01d52a

    SHA256

    c2a6b8ab57bdb5d0fd0f0a750573ad75e9df16b28a0f8eba4226ee09eeddeb2d

    SHA512

    8015a5a1f832885a5e024ffed5ea3ce651e8726a47ffd406b566a7f64a793d05c4aed06964b01834b4bfd8bc5e2ca583704191ed1f1f45ec630cde88a544e4b1

    Download Submit

  • C:\windows\BLKEF.exe
    Filesize

    448KB

    MD5

    0f3ec0d6daa7b16eab783fd7a8651bc5

    SHA1

    01830dfdf4fdb71577a5bc85fdaaa97ce74e3b6f

    SHA256

    1b95ef467cb168096231023606e219a32fd74de22a3154518a33b67e3a495239

    SHA512

    11e3c8c043b87dbed5a32436d847f93dc952b7f40201773ad5c6c07fcde107d9727c3ad91b4d5581cf872ba5d3ac3b47d7db0b9199fce81088087ff6941ed1b3

    Download Submit

  • memory/2252-0-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2252-12-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2668-15-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2668-16-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2700-18-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2700-19-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download