Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

74ae573619...a0.exe

windows7-x64

3

74ae573619...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2023, 02:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74ae5736190f0c7dabd1817050402da0.exe

  • Size

    92KB

  • MD5

    74ae5736190f0c7dabd1817050402da0

  • SHA1

    72d09f73fce069811d8e4216da72f59efc95d7a0

  • SHA256

    d94e3a642efb639edc26ab38e245071b21a37e22e7deb4c640922c904d120e79

  • SHA512

    ce42ea663ab49b4c6d95646652e1cf426ef998dee18db4c7db4e745dfdebbbec61341a11ca8509173b21a70e2f50974e96fd378b82ee8626a2417e9d02556a4f

  • SSDEEP

    1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfzxy4OV:fq6+ouCpk2mpcWJ0r+QNTBfzM

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74ae5736190f0c7dabd1817050402da0.exe
    "C:\Users\Admin\AppData\Local\Temp\74ae5736190f0c7dabd1817050402da0.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1592
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\BC7A.tmp\BC7B.tmp\BC7C.bat C:\Users\Admin\AppData\Local\Temp\74ae5736190f0c7dabd1817050402da0.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:652
      • C:\Windows\system32\iexpress.exe
        iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\hid.sed
        3⤵
          PID:2776

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\BC7A.tmp\BC7B.tmp\BC7C.bat
      Filesize

      1KB

      MD5

      da9a8db30b2193eb306fd377ddc09822

      SHA1

      2b14a8683d1faca6bd607d0ae398cb95c36ab6f5

      SHA256

      9a36afba88e927c8bb2a67791db72d7575c9b89639e7b5e265b49b965d1fa34f

      SHA512

      2055ae22207643f89e211db4272a7c8ef559535f8c5566098cceb0f05eaddf1f0a9e93f94b38885e10b715abae17ae33855b8dbbcc19a3c3db9aecda51ca5cfc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\hid.sed
      Filesize

      92KB

      MD5

      d463241307854afeab478d3167b2f418

      SHA1

      f88e0dcd3af8c83c73669f1304a087c35546ca14

      SHA256

      12229d7fd3880c86f84c8bdbbd9afcbe06562e9a43e5888beddb84f843f78bb2

      SHA512

      f9fbba5414efda8888772e69e4951d5942ed3d0e3f1b4edcd6d08f335d5e76e89731edd506f19878f1e91407601d1abe172a05958aa8d0e5619a8b2d0537ed18

      Download Submit