Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 120s
- max time network: 17s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 20/07/2024, 07:12
Static task: static1
Behavioral task: behavioral1
- Sample: 62d82edb8dd00ac0f31843c2702ac2c0N.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 62d82edb8dd00ac0f31843c2702ac2c0N.exe
- Resource: win10v2004-20240709-en
General
- Target: 62d82edb8dd00ac0f31843c2702ac2c0N.exe
- Size: 84KB
- MD5: 62d82edb8dd00ac0f31843c2702ac2c0
- SHA1: 6fd273a86c0b1dbae53be615192dffc6681ffef3
- SHA256: 25e46d5f814ac6239f1d27c577f8d3549f829e0f4811b9b1c82a18d4b88c31c8
- SHA512: 7658469076c4461a6c4cac218f3818d9ead93832c2875c8aae7f345bc398830d5471fb0e0d5e3f1e5a742ae02449304d1470b4a7144c4f5fc635f0f7e7585cb7
- SSDEEP: 768:DyV+hOv0phYwzIiRg0OAIWi3KEyUhL7b7Yqlf4JwQltjmtTBHi7AlK:DoFv+nzOL76Ezh/vYlJwAitTB3lK
Malware Config
Signatures
- Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
  description: Set value (int)
  ioc: \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"
  Process: guajuu.exe
- Executes dropped EXE (1 IoC)
  pid: 536  Process: guajuu.exe
- Loads dropped DLL (2 IoCs)
  pid: 2076  Process: 62d82edb8dd00ac0f31843c2702ac2c0N.exe
  pid: 2076  Process: 62d82edb8dd00ac0f31843c2702ac2c0N.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\guajuu = "C:\\Users\\Admin\\guajuu.exe"
  Process: guajuu.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Program crash (1 IoC)
  pid: 2020  pid_target: 2076  Process: WerFault.exe  procid_target: 29
- Suspicious behavior: EnumeratesProcesses (64 IoCs; all 64 entries are identical)
  pid: 536  Process: guajuu.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2076  Process: 62d82edb8dd00ac0f31843c2702ac2c0N.exe
  pid: 536   Process: guajuu.exe
- Suspicious use of WriteProcessMemory (64 IoCs; each distinct entry listed once, the rest are repeats)
  description: PID 2076 wrote to memory of 536   Process: 62d82edb8dd00ac0f31843c2702ac2c0N.exe  procid_target: 30
  description: PID 2076 wrote to memory of 2020  Process: 62d82edb8dd00ac0f31843c2702ac2c0N.exe  procid_target: 32
  description: PID 536 wrote to memory of 2076   Process: guajuu.exe  procid_target: 29
  description: PID 536 wrote to memory of 2020   Process: guajuu.exe  procid_target: 32
Processes
- C:\Users\Admin\AppData\Local\Temp\62d82edb8dd00ac0f31843c2702ac2c0N.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\62d82edb8dd00ac0f31843c2702ac2c0N.exe"
  PID: 2076
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\guajuu.exe
    Command line: "C:\Users\Admin\guajuu.exe"
    PID: 536
    - Modifies visibility of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 804
    PID: 2020
    - Program crash
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 84KB
  MD5: fb136dee3a50595c0a634cbeef556560
  SHA1: b2e077510c65566ba11061cec07c2f6f19f1d22f
  SHA256: d9e4043cdd868766deefce74767b2349b7cdf80e986406c2b3cefbfee4172741
  SHA512: f18d54cf699e583b18b8e46a913c0cd13e458bd963c89cc3de008c7e1217c75fc350a2557778c63581b972c714c3705ee87431d3844d37243322bac6b440132c