Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/11/2024, 10:12 UTC

General

  • Target

    195c6af5174895c9b5fbf451de76dd7df5f51cdc7086e528e601c1248cf6885a.exe

  • Size

    189KB

  • MD5

    2128d38119371c238a3d405d12df80c4

  • SHA1

    0932dfb743754310070dc626a55e464918efe8be

  • SHA256

    195c6af5174895c9b5fbf451de76dd7df5f51cdc7086e528e601c1248cf6885a

  • SHA512

    8034942a314e9bdf2bfa33f463b2b9aa9eb0408bada93f72c5fde84d2efc354e996958af11927fb5920c873c6d50e69244390f58f316f7add97ebd55d64f1e86

  • SSDEEP

    3072:YA+MPNsjU+g/Pu92PkWMW50y4jrv34ClUCeCw2AC1rEMmy1juCTjIUHaPtYSAJwX:/JPxktlKCw2oMmy1iCXZHaPtIJw28eiF

Malware Config

Extracted

Family

koiloader

C2

http://193.31.41.56/take.php

Attributes
  • payload_url

    https://calicorieti.it/wp-content/uploads/2023/07
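
The two URLs above are the only network indicators the extracted config gives. As an added example, not part of the tria.ge report and not KoiLoader code, the following Python turns them into a proxy-log check. Only the C2 and payload URLs come from the report; the log format (timestamp, client IP, method, URL, HTTP status) and every log line are constructed for the example, and one line is a deliberate near-miss to show why hosts are compared after URL parsing rather than by substring.

```python
"""Turn the extracted KoiLoader network indicators into a proxy-log check.

Added example; not part of the tria.ge report and not KoiLoader code.
Only the two URLs are taken from the report. The log format (timestamp,
client IP, method, URL, HTTP status) and every log line below are
constructed for this example.
"""
from urllib.parse import urlsplit

# Indicators from the report's extracted config.
C2_URL = "http://193.31.41.56/take.php"
PAYLOAD_URL = "https://calicorieti.it/wp-content/uploads/2023/07"

C2_HOST, C2_PATH = urlsplit(C2_URL).hostname, urlsplit(C2_URL).path
PAYLOAD_HOST = urlsplit(PAYLOAD_URL).hostname
PAYLOAD_PATH = urlsplit(PAYLOAD_URL).path

# Constructed proxy log, not captured from the sandbox run. Line 4 is a
# deliberate near-miss: a substring match on "193.31.41.56" would hit it.
SAMPLE_LOG = """\
2024-11-11T10:13:02Z 10.0.0.15 POST http://193.31.41.56/take.php 200
2024-11-11T10:13:05Z 10.0.0.15 GET https://calicorieti.it/wp-content/uploads/2023/07/payload.bin 200
2024-11-11T10:13:07Z 10.0.0.22 GET https://www.example.com/index.html 200
2024-11-11T10:13:09Z 10.0.0.22 GET http://193.31.41.567/take.php 404
2024-11-11T10:13:11Z 10.0.0.31 GET https://cdn.calicorieti.it/logo.png 200
"""


def classify(url):
    """Return the indicator a URL matches, or None.

    Hosts are compared whole (after URL parsing), never by substring, so
    193.31.41.567 does not match the 193.31.41.56 C2. Subdomains of the
    payload host are reported separately because the report only names
    the apex host and one upload directory.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path
    if host == C2_HOST:
        return "c2" if path == C2_PATH else "c2-host"
    if host == PAYLOAD_HOST:
        return "payload-url" if path.startswith(PAYLOAD_PATH) else "payload-host"
    if host.endswith("." + PAYLOAD_HOST):
        return "payload-subdomain"
    return None


def scan_proxy_log(text):
    """Run classify() over each log line; return the hits in log order."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than guess
        _ts, client, _method, url, status = fields[:5]
        match = classify(url)
        if match:
            hits.append({"line": lineno, "client": client, "url": url,
                         "status": status, "match": match})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} -> {hit['url']} [{hit['match']}]")
```

The C2 path is matched exactly because the config names a single endpoint (take.php); the payload directory is matched as a prefix because a loader fetches files beneath it. A hit on a subdomain of calicorieti.it is weaker evidence than a hit on the apex host, which is why it gets its own label instead of being merged into the payload match.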

Signatures

  • KoiLoader

    KoiLoader is a malware loader written in C++.

  • Koiloader family
  • Detects KoiLoader payload (1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
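
What that check looks like mechanically, as an added example that is not from the tria.ge report and not KoiLoader's own code: a loader reads a 16-bit Windows LANGID through Win32, takes the primary language ID from its low 10 bits and compares it to a list. The Win32 calls and the LANGID layout are from the Windows SDK; the block list and the sample LANGIDs in the script are assumptions made for illustration, since the report does not say which languages, if any, this sample refuses to run on.

```python
"""Decode a Windows LANGID the way a locale-gated loader would.

Added example; not from the tria.ge report and not KoiLoader's code. It
shows the mechanics behind the System Language Discovery TTP: read a
16-bit LANGID through Win32, take its primary language ID, compare it to
a list. The block list below is an assumption for illustration; the
report does not say which languages, if any, KoiLoader refuses to run on.
"""
import sys

# LANGID layout (winnt.h MAKELANGID): bits 0-9 primary language,
# bits 10-15 sublanguage.
PRIMARY_MASK = 0x03FF

# A few LANG_* primary language IDs from winnt.h.
PRIMARY_NAMES = {
    0x04: "Chinese", 0x07: "German", 0x09: "English", 0x0A: "Spanish",
    0x0C: "French", 0x10: "Italian", 0x11: "Japanese", 0x19: "Russian",
    0x22: "Ukrainian", 0x23: "Belarusian", 0x3F: "Kazakh",
}

# Assumed block list for the example (CIS languages are a common choice
# in loaders, but nothing on this page ties KoiLoader to it).
BLOCKED_PRIMARY = {0x19, 0x22, 0x23, 0x3F}


def primary_language(langid):
    """Low 10 bits of a LANGID: the LANG_* primary language ID."""
    return langid & PRIMARY_MASK


def sublanguage(langid):
    """High 6 bits of a LANGID: the SUBLANG_* identifier."""
    return (langid >> 10) & 0x3F


def describe(langid):
    name = PRIMARY_NAMES.get(primary_language(langid), "unknown")
    return (f"0x{langid:04X} primary=0x{primary_language(langid):02X} "
            f"({name}) sub=0x{sublanguage(langid):02X}")


def would_run(langid):
    """The gate itself: True if the loader would proceed on this locale."""
    return primary_language(langid) not in BLOCKED_PRIMARY


def current_langids():
    """Read the four LANGIDs a loader typically checks. Windows only; None elsewhere."""
    if sys.platform != "win32":
        return None
    import ctypes
    k32 = ctypes.windll.kernel32
    return {
        "user_ui": k32.GetUserDefaultUILanguage(),
        "system_ui": k32.GetSystemDefaultUILanguage(),
        "user": k32.GetUserDefaultLangID(),
        "system": k32.GetSystemDefaultLangID(),
    }


if __name__ == "__main__":
    # Constructed sample LANGIDs: en-US, ru-RU, uk-UA.
    for langid in (0x0409, 0x0419, 0x0422):
        print(describe(langid), "run" if would_run(langid) else "exit")
    print(current_langids())
```

The analysis VM here ran an en-US image (see the locale tag under Analysis), so an English locale would not have tripped a gate of this kind in any case; what the sandbox signature records is the discovery call itself, which is the detection-side observable: a fresh, unsigned executable in the user's Temp directory querying the default language within seconds of starting and before doing anything that would need localisation.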

Processes

  • C:\Users\Admin\AppData\Local\Temp\195c6af5174895c9b5fbf451de76dd7df5f51cdc7086e528e601c1248cf6885a.exe (PID 2556)
    Command line: "C:\Users\Admin\AppData\Local\Temp\195c6af5174895c9b5fbf451de76dd7df5f51cdc7086e528e601c1248cf6885a.exe"
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2556-0-0x0000000000100000-0x000000000010D000-memory.dmp

    Filesize

    52KB