Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3076aab270...f4.exe

windows7-x64

7

3076aab270...f4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 17:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3076aab270e73b8e0a5eaf31ba1930f4.exe

  • Size

    94KB

  • MD5

    3076aab270e73b8e0a5eaf31ba1930f4

  • SHA1

    575fb773bb5fdacf12e5a4a3cf9c986a0dccc821

  • SHA256

    62fe5706c57b094da3b8247d136a039dc6f569a340d5cedffea4f565cce60db5

  • SHA512

    8dcfd53d6e6645bbd114856d1f5f5a90f653e7387518d90107bee63735cf1947319cad91f86b160c75fba9079092081ef7c72950441a13434aa030ecdcbf22b0

  • SSDEEP

    1536:Xfg+M2Y9oH+cpTKeyaI0Z/od8bDbRvU5yYeVYXrgITAGXBB3exYEjpepikFIy:XfgyY9oH+cTKGI0Z/oooeVYXrgI0GXW4

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3076aab270e73b8e0a5eaf31ba1930f4.exe
    "C:\Users\Admin\AppData\Local\Temp\3076aab270e73b8e0a5eaf31ba1930f4.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3508
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Qhf..bat" > nul 2> nul
      2⤵
        PID:3152

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3508-0-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/3508-2-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/3508-1-0x0000000000520000-0x0000000000521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3508-3-0x0000000000540000-0x000000000055B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/3508-4-0x0000000000540000-0x000000000055B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/3508-6-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB

      Download