Analysis

  • max time kernel
    120s
  • max time network
    26s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/07/2024, 13:49

General

  • Target

    c3de679d46d7af04fb19fec872658950N.exe

  • Size

    60KB

  • MD5

    c3de679d46d7af04fb19fec872658950

  • SHA1

    715a2062a806ad6ac2c1bd8915b4175cbd9432b5

  • SHA256

    033a9bdf81cd99f3aac4ccd914b91de59ec3c7ab0aa825511487675f3017816d

  • SHA512

    cae8bdf84fbd586d32c21386e16fa9f6ea459fbbce3f02d32fc6061763ab603307d9184ae2e19f261840a3fa185a358eaee28b77219d25dc8e0aecf5abb7b766

  • SSDEEP

    768:ETgAcnILz6H4PwVjHovQ/o/THkbAqs3OfKDHGlHRJ6Wd:ETCy0CQjH2oQ+RJ6Wd

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3de679d46d7af04fb19fec872658950N.exe
    "C:\Users\Admin\AppData\Local\Temp\c3de679d46d7af04fb19fec872658950N.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Users\Admin\nuoiv.exe
      "C:\Users\Admin\nuoiv.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2296
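The process tree above shows the classic pattern behind three of the signatures: the sample in Temp writes a second copy of itself to the user profile root (C:\Users\Admin\nuoiv.exe), launches it, and that child sets a Run key and changes Explorer's hidden-file settings. The script below is an added example (not tria.ge code and not the sample's own logic) that re-derives those three signatures from constructed Sysmon-style events modelled on the tree. The registry paths it matches are the well-known locations these signature names refer to, assumed here rather than quoted from the report; the Run value name and the user SID in the sample events are invented for the example.

```python
"""Re-derive three of the report's signatures from constructed Sysmon-style
events. Added example, not tria.ge code or the sample's own logic."""
import re
from collections import defaultdict

# Registry locations these signature names are generally understood to
# cover; assumed here, not quoted from the report above.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
EXPLORER_HIDDEN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\"
    r"(Hidden|ShowSuperHidden|HideFileExt)$", re.I)

# Constructed events modelled on the process tree in the report
# (EventID 1 = process create, 11 = file create, 13 = registry value set).
# The Run value name "nuoiv" and the SID are invented for this example.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 2688, "ParentProcessId": 1234,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\c3de679d46d7af04fb19fec872658950N.exe"},
    {"EventID": 11, "ProcessId": 2688,
     "TargetFilename": r"C:\Users\Admin\nuoiv.exe"},
    {"EventID": 1, "ProcessId": 2296, "ParentProcessId": 2688,
     "Image": r"C:\Users\Admin\nuoiv.exe"},
    {"EventID": 13, "ProcessId": 2296,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\nuoiv",
     "Details": r"C:\Users\Admin\nuoiv.exe"},
    {"EventID": 13, "ProcessId": 2296,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",
     "Details": "DWORD (0x00000000)"},
    # Benign noise: an unrelated process that should trigger nothing.
    {"EventID": 1, "ProcessId": 3000, "ParentProcessId": 1234,
     "Image": r"C:\Windows\System32\notepad.exe"},
]


def analyse(events):
    """Return {signature name: [IoC strings]} for the behaviours observed.

    A file counts as "dropped" once some process in the trace has written
    it; a later process-create whose image is that file is what the
    "Executes dropped EXE" hit means. Events are expected in time order.
    """
    dropped = {}                      # lowercased path -> PID that wrote it
    hits = defaultdict(list)
    for ev in events:
        eid = ev["EventID"]
        if eid == 11 and ev["TargetFilename"].lower().endswith(".exe"):
            dropped[ev["TargetFilename"].lower()] = ev["ProcessId"]
        elif eid == 1:
            image = ev["Image"]
            writer = dropped.get(image.lower())
            if writer is not None:
                hits["Executes dropped EXE"].append(
                    f"{image} (PID {ev['ProcessId']}, dropped by PID {writer})")
        elif eid == 13:
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target):
                hits["Adds Run key to start application"].append(
                    f"{target} = {ev['Details']}")
            elif EXPLORER_HIDDEN_RE.search(target):
                hits["Modifies visibility of hidden/system files in Explorer"].append(
                    f"{target} = {ev['Details']}")
    return dict(hits)


if __name__ == "__main__":
    for sig, iocs in analyse(SAMPLE_EVENTS).items():
        print(f"{sig} ({len(iocs)} IoC{'s' if len(iocs) != 1 else ''})")
        for ioc in iocs:
            print("   ", ioc)
```

On a real host the same three checks map to a quick triage: look for executables sitting directly under C:\Users\<user>\, for Run/RunOnce values pointing at them, and for Hidden or ShowSuperHidden having been flipped in Explorer\Advanced, which is how such samples keep their dropped copy out of sight.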

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\nuoiv.exe

    Filesize

    60KB

    MD5

    e4b2e1cfd8c839cfda8f621d01ee11d7

    SHA1

    96f0c4a342a9a7ba93fbea1761d9f446a448d3f4

    SHA256

    41300dfec3c8fa9f217511b33f5ae1220da020ab6334e8c6f2058cd0a0d493ca

    SHA512

    2834178c2515ac5ff46238775f563a19b6bf669e6f48827eca729ec497a996c19ee943e92be63414c0475b8bc0c2d883f263d75735bb7223f5cda28c822dd17a