Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 148s
max time network: 150s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 15/06/2024, 13:20
Static task: static1
Behavioral task: behavioral1
  Sample: 34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe
  Resource: win10v2004-20240611-en
General
Target: 34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe
Size: 50KB
MD5: cc2f99f534bed7b4338723119be4a546
SHA1: d07848b7cde8a815ef558f170206581b89c91ccc
SHA256: 34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38
SHA512: 85542775a3c8e23d0dcd9e0fa4751a073e53ebd2b7026faca497bdabc5b8b95a045f17e193b5f3ea2868ee337a9e081e2381e277bab927daf72fc8f3c109e558
SSDEEP: 768:Cv7RBmwSG/Lr9dwqoKlV1eqrEXqVnzbgOeZh4hSdWUAohfjiT5edip:CvlCGjrZRlV1eCE6uJZh4hq0qfWT5M4
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2152  kkaaya.exe
- Loads dropped DLL (1 IoC)
  pid   Process
  2152  kkaaya.exe
- Drops file in System32 directory (1 IoC)
  description   ioc                            Process
  File created  C:\Windows\SysWOW64\hra8.dll   kkaaya.exe
- Drops file in Windows directory (2 IoCs)
  description                   ioc                    Process
  File created                  C:\Windows\kkaaya.exe  34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe
  File opened for modification  C:\Windows\kkaaya.exe  34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       kkaaya.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  kkaaya.exe
- Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  1996  34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe (PID:1996)
  Command line: "C:\Users\Admin\AppData\Local\Temp\34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38.exe"
  - Drops file in Windows directory
  - Suspicious behavior: RenamesItself
- C:\Windows\kkaaya.exe (PID:2152)
  Command line: C:\Windows\kkaaya.exe
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Checks processor information in registry
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 12KB
  MD5: de61de242b5500304af17e4661100ea5
  SHA1: ed6c1fce0696ce100a93f2d3cea83a0475947e4f
  SHA256: 3c373fde7222d1e3c5a13339d37f3b5752374210ae09974b4f17baa261c3b9a5
  SHA512: b393464bfd694bb314cf9c8f3d19ab6750cc65d9e3506c1b91a8658a227e9f8614b1f65b8eaa7b7e844d7308b450e690627e3eb1a8101ca80917c62233d1473f
- Filesize: 50KB
  MD5: cc2f99f534bed7b4338723119be4a546
  SHA1: d07848b7cde8a815ef558f170206581b89c91ccc
  SHA256: 34841d3437f7c82d06bbf0b60bc1ee10a7b56472712f4c97dc904fe329025e38
  SHA512: 85542775a3c8e23d0dcd9e0fa4751a073e53ebd2b7026faca497bdabc5b8b95a045f17e193b5f3ea2868ee337a9e081e2381e277bab927daf72fc8f3c109e558