Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

7acb5eabb9...b4.exe

windows7-x64

7

7acb5eabb9...b4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2023, 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7acb5eabb9d002e32923191a8497d5df39ceb0bb8c26b4224666eebaf4d336b4.exe

  • Size

    508KB

  • MD5

    ebf41dca08eaff6619674ad8bb1a64fc

  • SHA1

    6d8b15a7c8d773592bd8cf3d01fb62496685fa47

  • SHA256

    7acb5eabb9d002e32923191a8497d5df39ceb0bb8c26b4224666eebaf4d336b4

  • SHA512

    bf6c69001088009525e8507218b7802adaecbd95baa4aac8c6bcb453ad2f5f5ef7d7e9fb457d82f19e4026d74cc9444b939d17692ea52832406dd7e12a4a9a9a

  • SSDEEP

    6144:tW0J07EHxsWKKCbrZXDbI33z5P/kjguInr39tAOLPvI1ILz:44CWKKCrZTGF/k8uMxtxPvvz

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7acb5eabb9d002e32923191a8497d5df39ceb0bb8c26b4224666eebaf4d336b4.exe
    "C:\Users\Admin\AppData\Local\Temp\7acb5eabb9d002e32923191a8497d5df39ceb0bb8c26b4224666eebaf4d336b4.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:116
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\7acb5eabb9d002e32923191a8497d5df39ceb0bb8c26b4224666eebaf4d336b4.exe"
      2⤵
        PID:2672

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\tkjsidfsd
      Filesize

      48B

      MD5

      4ef84ddef3748474bffae4ec9f9d43da

      SHA1

      ccc71b6b1d586aee9074d1579366c776a505069b

      SHA256

      e09c948ba1c8bbbb9c57ad825c3ab83869cecffb098643b51ff1963907833be2

      SHA512

      af960e05eabc1177c4eb88d4291c4407f6420c66dac5e8c449efa2dbb9abeae2ade7a56bf603d3ffc578c0393e75fe71a5c8b7a68ac45557349741539a61dba7

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      97B

      MD5

      45e3367f029ce64ff50f166e3529e36a

      SHA1

      3512de4911b84bb71f41407c210c7f083e52c28c

      SHA256

      8ec6b4a73e8e7d8ff8901c82f055402b9071cf426b52584d9f882361cfcead88

      SHA512

      5efab7e0a7e7bc71f26064533612b7b77f359dc31de6f443507e9af7a8fb5675119ab589f066152342707336b4ed5aabd9d40d1a2ddb9506b8f0dc83e6ef4cca

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      48B

      MD5

      4ef84ddef3748474bffae4ec9f9d43da

      SHA1

      ccc71b6b1d586aee9074d1579366c776a505069b

      SHA256

      e09c948ba1c8bbbb9c57ad825c3ab83869cecffb098643b51ff1963907833be2

      SHA512

      af960e05eabc1177c4eb88d4291c4407f6420c66dac5e8c449efa2dbb9abeae2ade7a56bf603d3ffc578c0393e75fe71a5c8b7a68ac45557349741539a61dba7

      Download Submit