Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

61314bf6c6740a_JC.exe

windows7-x64

7

61314bf6c6740a_JC.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/07/2023, 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61314bf6c6740a_JC.exe

  • Size

    29KB

  • MD5

    61314bf6c6740ae927e63c763a69c5da

  • SHA1

    204d27614f1358cbd3629628c8089d9ee24d92b7

  • SHA256

    28772098142f68d8c14fa252c98a63c3eb7278bced6317d8a87ff3607065a2db

  • SHA512

    3814cbe82c17b66036abb8faf2787e57b1c4d75d17770128718985fd88df4a08f3b4fc7858fffcd2b17cde584c3f90efe74a60c82bb7a5539c96266f7a6fc210

  • SSDEEP

    384:bIDl1ovmXAw9PMDREhi9OUSPlRxMc/cip7IAfjDb4H0g/X2kH9r5GJ:bIDOw9UiaCHfjnE0S2kH9rYJ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61314bf6c6740a_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\61314bf6c6740a_JC.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3372
    • C:\Users\Admin\AppData\Local\Temp\lossy.exe
      "C:\Users\Admin\AppData\Local\Temp\lossy.exe"
      2⤵
      • Executes dropped EXE
      PID:2096

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    29KB

    MD5

    4d2a6ecd492b561584853ac853eca91c

    SHA1

    28299607bea7461efe2aff9d29efe916722b89a6

    SHA256

    31b2345e3a5ddb802faa9785780dfe304580907141fe52ea8ea4b40e239cd7ba

    SHA512

    9eaa202e952dfccb8484e325960c5f2d8eb1f6e598422eaf262f6020d1d68746cf985eb662a7b03cda3f67ffc72c775b892c8a18849ef0e8fed63f8557e7ab42

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    29KB

    MD5

    4d2a6ecd492b561584853ac853eca91c

    SHA1

    28299607bea7461efe2aff9d29efe916722b89a6

    SHA256

    31b2345e3a5ddb802faa9785780dfe304580907141fe52ea8ea4b40e239cd7ba

    SHA512

    9eaa202e952dfccb8484e325960c5f2d8eb1f6e598422eaf262f6020d1d68746cf985eb662a7b03cda3f67ffc72c775b892c8a18849ef0e8fed63f8557e7ab42

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\lossy.exe
    Filesize

    29KB

    MD5

    4d2a6ecd492b561584853ac853eca91c

    SHA1

    28299607bea7461efe2aff9d29efe916722b89a6

    SHA256

    31b2345e3a5ddb802faa9785780dfe304580907141fe52ea8ea4b40e239cd7ba

    SHA512

    9eaa202e952dfccb8484e325960c5f2d8eb1f6e598422eaf262f6020d1d68746cf985eb662a7b03cda3f67ffc72c775b892c8a18849ef0e8fed63f8557e7ab42

    Download Submit

  • memory/2096-151-0x00000000005C0000-0x00000000005C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2096-150-0x00000000005A0000-0x00000000005A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3372-133-0x00000000005D0000-0x00000000005D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3372-134-0x00000000005D0000-0x00000000005D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3372-135-0x0000000000700000-0x0000000000706000-memory.dmp

    Filesize

    24KB

    Download