Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2024-12-15...ye.exe

windows7-x64

10

2024-12-15...ye.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15/12/2024, 19:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-12-15_1a2a0daaef95ec59de17e4aa0c36a9be_bkransomware_hawkeye.exe

  • Size

    520KB

  • MD5

    1a2a0daaef95ec59de17e4aa0c36a9be

  • SHA1

    362dea813e278a8f7e84b659e3c67fc0f6b4127a

  • SHA256

    5933c9284c083cb2f3ab152d092b9204347c78a9e916b8ec4506f29aff05a9b2

  • SHA512

    cacc1c7a89d60f72db009992499a9c86979e36c624b3ef2c8b2a508bb2b659a2f9446fe2bd9cb86c196f9dcfdee279cf75578fa2f06948e95c7e2decf9e514e1

  • SSDEEP

    6144:qoyZmTAsfJFakxaLjcMkc0Cax1PnGp6bYA0w601+dNT9/0626ASkVOAFPxlsRI9M:qoyIJsMPrPGp6bYboEdNsi3b

Score
10/10
salitybackdoordiscoveryevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Modifies firewall policy service 3 TTPs 3 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • Sality family
    sality
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-12-15_1a2a0daaef95ec59de17e4aa0c36a9be_bkransomware_hawkeye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-12-15_1a2a0daaef95ec59de17e4aa0c36a9be_bkransomware_hawkeye.exe"
    1⤵
    • Modifies firewall policy service
    • UAC bypass
    • Windows security bypass
    • Windows security modification
    • Checks whether UAC is enabled
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • System policy modification
    PID:2504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2504-0-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2504-1-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2504-6-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2504-9-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2504-3-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2504-10-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2504-22-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2504-8-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2504-5-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2504-18-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2504-11-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2504-4-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2504-7-0x0000000001D90000-0x0000000002E4A000-memory.dmp

    Filesize

    16.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.