Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2024, 07:12

General

  • Target

    62d82edb8dd00ac0f31843c2702ac2c0N.exe

  • Size

    84KB

  • MD5

    62d82edb8dd00ac0f31843c2702ac2c0

  • SHA1

    6fd273a86c0b1dbae53be615192dffc6681ffef3

  • SHA256

    25e46d5f814ac6239f1d27c577f8d3549f829e0f4811b9b1c82a18d4b88c31c8

  • SHA512

    7658469076c4461a6c4cac218f3818d9ead93832c2875c8aae7f345bc398830d5471fb0e0d5e3f1e5a742ae02449304d1470b4a7144c4f5fc635f0f7e7585cb7

  • SSDEEP

    768:DyV+hOv0phYwzIiRg0OAIWi3KEyUhL7b7Yqlf4JwQltjmtTBHi7AlK:DoFv+nzOL76Ezh/vYlJwAitTB3lK

Score
10/10

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\62d82edb8dd00ac0f31843c2702ac2c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\62d82edb8dd00ac0f31843c2702ac2c0N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Users\Admin\guajuu.exe
      "C:\Users\Admin\guajuu.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:536
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 804
      2⤵
      • Program crash
      PID:2020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\guajuu.exe

    Filesize

    84KB

    MD5

    fb136dee3a50595c0a634cbeef556560

    SHA1

    b2e077510c65566ba11061cec07c2f6f19f1d22f

    SHA256

    d9e4043cdd868766deefce74767b2349b7cdf80e986406c2b3cefbfee4172741

    SHA512

    f18d54cf699e583b18b8e46a913c0cd13e458bd963c89cc3de008c7e1217c75fc350a2557778c63581b972c714c3705ee87431d3844d37243322bac6b440132c