Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

17756889e5...ex.exe

windows7-x64

7

17756889e5...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/07/2023, 17:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17756889e56967exeexeexeex.exe

  • Size

    35KB

  • MD5

    17756889e569675ece80b90d855a32b2

  • SHA1

    545642b90a3338798ac3b958c626105a8a1eae0e

  • SHA256

    d30d10bde639da036924bf13bdfa5078b392ea5e31fa6bb4b3747badafaa9d48

  • SHA512

    3477c52ac91cf594fd6aeecbfd1fed33eab4347aed144534bbd4c23c844f07d7065569924f41f7fbe18a003fc10c39c61c0201734ab4cf9f0b77d8c3bfabea94

  • SSDEEP

    384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+0vJsg5b5UTXm:bgX4zYcgTEu6QOaryfjqDlC6JFbKq

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17756889e56967exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\17756889e56967exeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4220
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:4928

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    35KB

    MD5

    2a3062717c71c37d519d8b3c3a288b74

    SHA1

    854a68f40d9a6a3beb63c6feebf488018d2310c9

    SHA256

    2f789dc958da480e9e269ed34f7c08c8af635e63eff27fe22effa69e144918ac

    SHA512

    852413806af081573e49e009fd868de663c5f606921abc1846d7b3f9d79f1de7870c2c6344765ebf2e6f6ea24dfd10821262eaaad61beba865513669193c85c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    35KB

    MD5

    2a3062717c71c37d519d8b3c3a288b74

    SHA1

    854a68f40d9a6a3beb63c6feebf488018d2310c9

    SHA256

    2f789dc958da480e9e269ed34f7c08c8af635e63eff27fe22effa69e144918ac

    SHA512

    852413806af081573e49e009fd868de663c5f606921abc1846d7b3f9d79f1de7870c2c6344765ebf2e6f6ea24dfd10821262eaaad61beba865513669193c85c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    35KB

    MD5

    2a3062717c71c37d519d8b3c3a288b74

    SHA1

    854a68f40d9a6a3beb63c6feebf488018d2310c9

    SHA256

    2f789dc958da480e9e269ed34f7c08c8af635e63eff27fe22effa69e144918ac

    SHA512

    852413806af081573e49e009fd868de663c5f606921abc1846d7b3f9d79f1de7870c2c6344765ebf2e6f6ea24dfd10821262eaaad61beba865513669193c85c1

    Download Submit

  • memory/4220-133-0x0000000000680000-0x0000000000686000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4220-134-0x00000000022D0000-0x00000000022D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4928-149-0x0000000000700000-0x0000000000706000-memory.dmp

    Filesize

    24KB

    Download