Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

5753d34723...ex.exe

windows7-x64

7

5753d34723...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/07/2023, 20:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5753d347237d9dexeexeexeex.exe

  • Size

    35KB

  • MD5

    5753d347237d9dbfd76b7d7d13e8988e

  • SHA1

    1c860173d3b099123f80800c526c14319ade6255

  • SHA256

    e86206e99ca57ae6c8b0d88b574b46bba6122d7fb8849a0cd274422ea87c9167

  • SHA512

    3621a8c8a97044b9391fd853ab593be503f5caa8634c784372eb0f7a2c2c39a4379694e3e2818027472ad90ffc848a865079c6303503c6ea4f57629bab681d4f

  • SSDEEP

    384:bgX4uGLLQRcsdeQ7/nQu63Ag7YmecFanrlwfjDUkKDfWf6XT+72DxL9Dk:bgX4zYcgTEu6QOaryfjqDlC76L9A

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5753d347237d9dexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\5753d347237d9dexeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3140
    • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
      "C:\Users\Admin\AppData\Local\Temp\hasfj.exe"
      2⤵
      • Executes dropped EXE
      PID:3352

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    35KB

    MD5

    5a8096e2cfea698dda3f645b74685dde

    SHA1

    758532075c9058af1fd2b1ae08d73734e3e55beb

    SHA256

    8590ccfcb00a0725bc0e34fdd62f85f950c2caec29d95fb61f0200d540c2dbe1

    SHA512

    eb0f28da3810232ed93cfc5be5619e6ae9991acd4e1f519ada498f498411e5068019b85b6f9f44c08940bf4ac29d3d1b1c6394b42c34a4cf3c18cd32ac81835b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    35KB

    MD5

    5a8096e2cfea698dda3f645b74685dde

    SHA1

    758532075c9058af1fd2b1ae08d73734e3e55beb

    SHA256

    8590ccfcb00a0725bc0e34fdd62f85f950c2caec29d95fb61f0200d540c2dbe1

    SHA512

    eb0f28da3810232ed93cfc5be5619e6ae9991acd4e1f519ada498f498411e5068019b85b6f9f44c08940bf4ac29d3d1b1c6394b42c34a4cf3c18cd32ac81835b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\hasfj.exe
    Filesize

    35KB

    MD5

    5a8096e2cfea698dda3f645b74685dde

    SHA1

    758532075c9058af1fd2b1ae08d73734e3e55beb

    SHA256

    8590ccfcb00a0725bc0e34fdd62f85f950c2caec29d95fb61f0200d540c2dbe1

    SHA512

    eb0f28da3810232ed93cfc5be5619e6ae9991acd4e1f519ada498f498411e5068019b85b6f9f44c08940bf4ac29d3d1b1c6394b42c34a4cf3c18cd32ac81835b

    Download Submit

  • memory/3140-133-0x0000000000600000-0x0000000000606000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3140-134-0x00000000022D0000-0x00000000022D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3352-149-0x0000000002EA0000-0x0000000002EA6000-memory.dmp

    Filesize

    24KB

    Download