Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

245b1fe5b1...ex.exe

windows7-x64

7

245b1fe5b1...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2023, 11:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    245b1fe5b1dcfbexeexeexeex.exe

  • Size

    46KB

  • MD5

    245b1fe5b1dcfbfe1a02c2efb9c93369

  • SHA1

    8636fa59507f938781a47b97dfbc0342d1ab10a9

  • SHA256

    e2f0be2fdee4424ee86ab73c88b847a6b7761e970a35a73360ecd49bb34cdc38

  • SHA512

    2f874898ab3a3cd31490610ea9c36e5f0798182cef2ffbfa786c3a4f5198d3133fd67e622c34faea13776d59a69dc6aa9025db296fd8a16ba5fc7ab7496c4af0

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4Uu6EIZPm83+3:bIDOw9a0DwitDwIZb3+3

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\245b1fe5b1dcfbexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\245b1fe5b1dcfbexeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:2144

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    46KB

    MD5

    dcf0088d67b1efe35f81b872be83ea5d

    SHA1

    db8c7a3625ee58f37af09cf9d369851b87efe081

    SHA256

    9f2567a9619f33a85968eb691eaf5dde7f19462136e6abae9eb37ceea287431e

    SHA512

    78e1e3f58ddf15e1afd840ecf63d4aad2c0df51b2eeb1bfef8ba00e5b97ed55d65bc6d0e51b9769bd214768ef1004a653eaa2f69288685e614226fe576c503f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    46KB

    MD5

    dcf0088d67b1efe35f81b872be83ea5d

    SHA1

    db8c7a3625ee58f37af09cf9d369851b87efe081

    SHA256

    9f2567a9619f33a85968eb691eaf5dde7f19462136e6abae9eb37ceea287431e

    SHA512

    78e1e3f58ddf15e1afd840ecf63d4aad2c0df51b2eeb1bfef8ba00e5b97ed55d65bc6d0e51b9769bd214768ef1004a653eaa2f69288685e614226fe576c503f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    46KB

    MD5

    dcf0088d67b1efe35f81b872be83ea5d

    SHA1

    db8c7a3625ee58f37af09cf9d369851b87efe081

    SHA256

    9f2567a9619f33a85968eb691eaf5dde7f19462136e6abae9eb37ceea287431e

    SHA512

    78e1e3f58ddf15e1afd840ecf63d4aad2c0df51b2eeb1bfef8ba00e5b97ed55d65bc6d0e51b9769bd214768ef1004a653eaa2f69288685e614226fe576c503f8

    Download Submit

  • memory/2144-149-0x00000000004E0000-0x00000000004E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2996-133-0x00000000022E0000-0x00000000022E6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2996-134-0x0000000002180000-0x0000000002186000-memory.dmp

    Filesize

    24KB

    Download