Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9cf0d4d124...ex.exe

windows7-x64

7

9cf0d4d124...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2023, 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9cf0d4d12422efexeexeexeex.exe

  • Size

    48KB

  • MD5

    9cf0d4d12422ef9ed2ffcfb2a41648bb

  • SHA1

    9583c81f23566fe5af1965384ade07d2ba8fcbf9

  • SHA256

    2e57ec86a023e93d113ebac60c7c833ddf3c93860e0d88c5448435414eec4228

  • SHA512

    27cfdc841a9654070eea95f8c1de14a1969aba8caf833a86d08606a168d0c51f6c552f77fde81dbaf8052b8251ef821ce8c1e3590c128b2698e809157facfe89

  • SSDEEP

    768:bIDOw9UiaCHfjnE0Sfa7ilR0p9u6p4Uu6EIEIDKlPopW:bIDOw9a0DwitDwIzDKlPopW

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9cf0d4d12422efexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\9cf0d4d12422efexeexeexeex.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:4796

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    48KB

    MD5

    e0d9411035d65ed58173034a60c5383b

    SHA1

    4a5d41ce84f5be29425b9b6d642d3bfd5809684c

    SHA256

    c3aef74ea6f7d0e21c5d03f5a09e4e98963710515c5fd21303f2c293e97e6304

    SHA512

    c122098289ce2ce4c63e13a5dda0af5b8a217ee59d5ff3b3c9155d4392b8ba4a4879f1b3fc73370d2327ffa65285ca4d68744f921c62a75ca4a0d46a639e16a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    48KB

    MD5

    e0d9411035d65ed58173034a60c5383b

    SHA1

    4a5d41ce84f5be29425b9b6d642d3bfd5809684c

    SHA256

    c3aef74ea6f7d0e21c5d03f5a09e4e98963710515c5fd21303f2c293e97e6304

    SHA512

    c122098289ce2ce4c63e13a5dda0af5b8a217ee59d5ff3b3c9155d4392b8ba4a4879f1b3fc73370d2327ffa65285ca4d68744f921c62a75ca4a0d46a639e16a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    48KB

    MD5

    e0d9411035d65ed58173034a60c5383b

    SHA1

    4a5d41ce84f5be29425b9b6d642d3bfd5809684c

    SHA256

    c3aef74ea6f7d0e21c5d03f5a09e4e98963710515c5fd21303f2c293e97e6304

    SHA512

    c122098289ce2ce4c63e13a5dda0af5b8a217ee59d5ff3b3c9155d4392b8ba4a4879f1b3fc73370d2327ffa65285ca4d68744f921c62a75ca4a0d46a639e16a9

    Download Submit

  • memory/2768-133-0x00000000006D0000-0x00000000006D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2768-134-0x00000000006F0000-0x00000000006F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4796-149-0x0000000002050000-0x0000000002056000-memory.dmp

    Filesize

    24KB

    Download