Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

fc4773340b...3e.exe

windows7-x64

7

fc4773340b...3e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    127s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 15:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe

  • Size

    508KB

  • MD5

    38d29433e944ba129fa1457c564ddfaf

  • SHA1

    77b33b7ad847ea6d1405c7909a2ce7bcba132f3d

  • SHA256

    fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e

  • SHA512

    08312449987c0fa3f5ac68fc0779763f6bc8932a5037d572d440a935ef037eddd8027000c41c2153fb146a4e5241b32e1bc44a80e3792a005023388d2529bf4b

  • SSDEEP

    6144:vW0J07EHxsWKKCbrZXDbI33z5P/kjguInr39tAOLPvI1ILz:O4CWKKCrZTGF/k8uMxtxPvvz

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe
    "C:\Users\Admin\AppData\Local\Temp\fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\fc4773340ba2ae53e0b8e88ea9b84b7f749d8c205bb39478d266a5e3f254493e.exe"
      2⤵
        PID:4520

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\tkjsidfsd
      Filesize

      97B

      MD5

      87d5d9cd1d53739f1ccf032942de50fc

      SHA1

      58f87e5aef081650edc6414bf6d2286f3b275e17

      SHA256

      56bda9270b97809718abff70ca4d9d1880f3051ff3af4e9a5851fb3547f320b3

      SHA512

      396c6d52dca9623a8e5bdf34df67feda6e06389d56fe61ccb5d87d48f699dad2f83c532e2bafe0a8a2ed8ac426fece838f8745fcfcb4e09011bbe8b4bface00d

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      48B

      MD5

      d9cd1f291b99fb29ec3ad5e8e5ecb23b

      SHA1

      7ffbe6aa92ad98577727aa4bfaa1920dfd3dbf69

      SHA256

      9fe16bc85a08740f43e975c1a64424ecba39d2f69df1dd570cb97bdba79c97c2

      SHA512

      ed21f4e5671bfd5b2a6c0d1319ad308ec6c1521b143fd6c576e9cb0aae2325ed2d5a0f92a7504523c274fab94e9eaa5b2549e71582d204894f26b5d7107fd5bb

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      97B

      MD5

      87d5d9cd1d53739f1ccf032942de50fc

      SHA1

      58f87e5aef081650edc6414bf6d2286f3b275e17

      SHA256

      56bda9270b97809718abff70ca4d9d1880f3051ff3af4e9a5851fb3547f320b3

      SHA512

      396c6d52dca9623a8e5bdf34df67feda6e06389d56fe61ccb5d87d48f699dad2f83c532e2bafe0a8a2ed8ac426fece838f8745fcfcb4e09011bbe8b4bface00d

      Download Submit

    • C:\Windows\tkjsidfsd
      Filesize

      121B

      MD5

      467e88f8f68a301d30ff67c8e4b97a59

      SHA1

      1e8b2ed9e1f0464fd953fc415b9e8f874a22a277

      SHA256

      dfe3e10036e89d18a8acd8d627b73150e7c0c2b517ff229ccecb13be82d596a0

      SHA512

      e248cb6acbf10920a3f8c84dc2c84b685b1df2177c02076c8949d03e590cc91241bbabaedc066660fce98075d6099545c5f7d747fbe119f6000359a0daf8be04

      Download Submit