Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

cc46dcaf1c...20.exe

windows7-x64

7

cc46dcaf1c...20.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2023, 02:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020.exe

  • Size

    2.9MB

  • MD5

    151218fec66bb600cd332836c08a1936

  • SHA1

    ac8bfffedbbbef42960c0d9f23b86d9c37424f05

  • SHA256

    cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020

  • SHA512

    4ad27c3648d195ff5226ee1a16131cfabb177b27d9ab74660dc7415ff98f0cd489abf0de53bb132cf7f556563bbb64879db8e6747d3d4e90bb75a317d462d393

  • SSDEEP

    49152:HdgokOEY+BOhUI32mKJH1o5MTepxfMoaWeX9RialiTWKI6dbTNvpm2quVAzHKlnN:HUHY+FrO/CWetRx6Plzm2LVAzqqa

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020.exe
    "C:\Users\Admin\AppData\Local\Temp\cc46dcaf1c9f9be0e98058eb356f0a6f5a776d86770f313ad6a07d2a807f0020.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4280
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /U /S XDGDyE.yFL
      2⤵
      • Loads dropped DLL
      PID:568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\XDGDyE.yFL
    Filesize

    2.7MB

    MD5

    4547ee14a13ad4926ab2606a91b39716

    SHA1

    4afdbabe974d85aa41cc58f1429c5570b6d4436a

    SHA256

    cc2185c0db062e46db27d56c7a2f5962e7cd4e57f27b6e302c962869a316ab9e

    SHA512

    951a4f29a477b3e5cb1e2617e1b4ef20e9343b686439fc224fc9da31c1f70de669c304ada36401da991581891e8edb11cc7790200e4bf435336668a348f624c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\xDGDyE.yfL
    Filesize

    2.7MB

    MD5

    4547ee14a13ad4926ab2606a91b39716

    SHA1

    4afdbabe974d85aa41cc58f1429c5570b6d4436a

    SHA256

    cc2185c0db062e46db27d56c7a2f5962e7cd4e57f27b6e302c962869a316ab9e

    SHA512

    951a4f29a477b3e5cb1e2617e1b4ef20e9343b686439fc224fc9da31c1f70de669c304ada36401da991581891e8edb11cc7790200e4bf435336668a348f624c6

    Download Submit

  • memory/568-4-0x00000000023F0000-0x00000000023F6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/568-5-0x0000000010000000-0x00000000102B9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/568-7-0x0000000002800000-0x00000000028FC000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/568-8-0x0000000002900000-0x00000000029E3000-memory.dmp

    Filesize

    908KB

    Download

  • memory/568-11-0x0000000002900000-0x00000000029E3000-memory.dmp

    Filesize

    908KB

    Download

  • memory/568-12-0x0000000002900000-0x00000000029E3000-memory.dmp

    Filesize

    908KB

    Download