Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 18:13

General

  • Target

    0af473977e2b58a3630dc2bd59245127.exe

  • Size

    89KB

  • MD5

    0af473977e2b58a3630dc2bd59245127

  • SHA1

    6b1086070e0918c428b4f6688fe2760c9ab9dfea

  • SHA256

    76fe72e0ecdc389b5749df5fe406cb70110b1ef8b64e51cf0a96da2fa2ec5eb2

  • SHA512

    d2f001ed413538368597585483c6745ab1bec058e227ada41937b75435f9456135b876e0ce40249389448b9769a37c3c06233c0d648cfaf9f613e42ad0b92450

  • SSDEEP

    1536:ef/SovFSSZtDgN+DpDkDEFtC+YF8965L+v:I/zv0SZtDgN+Dp+ErYF896W

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0af473977e2b58a3630dc2bd59245127.exe
    "C:\Users\Admin\AppData\Local\Temp\0af473977e2b58a3630dc2bd59245127.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in Windows directory
    PID:2332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\ibhgpqipcnsaermwygkunhndprgwnlad

    Filesize

    16B

    MD5

    e55bccbef30aefb59102892c9cf5e4f6

    SHA1

    8d2240d31aba6b140e08eaea4330d6eb83a76991

    SHA256

    14b45738c6d1592ff9d88a075d801c0b31ffbc7656016801fb452fc4bd137e03

    SHA512

    2007f1d10898f8ce94d10bd69dfb5ab0b2c5bc08bb1e505006ff60e59ae091038b9925b5d1a8e42186a9618bce7a72d00c007c46543459343ba8439a9c50d1f6