Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

379b241111...5a.exe

windows7-x64

7

379b241111...5a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    379b2411110b4f9e385590ea13c1655a.exe

  • Size

    289KB

  • MD5

    379b2411110b4f9e385590ea13c1655a

  • SHA1

    90b41c5f574921ca77cf4d2cb1fae3d585107880

  • SHA256

    1584d355aa8d7ddd184612ef68a09ff02111c871513c076c6d68bd1f79899f74

  • SHA512

    0fd66e5e9cb65fdfb37bf6447977151cf9c85a0c95762e3969b58ee03b8eaadc62e386f5485fdf82324489d3f9383ecdbef01676bd67350a963cf7c2cd45b5b6

  • SSDEEP

    6144:lxqGwAcphJh9jOccrD7pivp+G0mxipZ5hya3u7sKXf8:lEGwAcphn9jOP/1iAG0ymZ58a3u7Nk

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\379b2411110b4f9e385590ea13c1655a.exe
    "C:\Users\Admin\AppData\Local\Temp\379b2411110b4f9e385590ea13c1655a.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4488
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" c:\5c49539c-d6d6-45ba-8cc5-2e6331b1dbd5\start.hta
      2⤵
        PID:4136
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c rmdir c:\5c49539c-d6d6-45ba-8cc5-2e6331b1dbd5\/s /q
        2⤵
          PID:5060

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\5c49539c-d6d6-45ba-8cc5-2e6331b1dbd5\InstallerHelper.dll
        Filesize

        133KB

        MD5

        9f1726e072fe7186971f169892640bec

        SHA1

        4f311d11545ade36002b96240da392d8e375e64a

        SHA256

        8de1ba2162cc234b4991a1beb5b07f86c93ed6ddae7a921f229166896451e2ec

        SHA512

        42a33e68e61662074b68a30aa901c6b6fccf975121d5a9f711e1834097e26ed4974c88b5c371648354d90f0413ea29a46ce259f93a9d719e67945bd52a9c8dca

        Download Submit

      • \??\c:\5c49539c-d6d6-45ba-8cc5-2e6331b1dbd5\INSTAL~1.DLL
        Filesize

        1KB

        MD5

        1f17a2d642f701c29ee8427b66df4c2e

        SHA1

        b55dbd8c3498a7d347b8d927f28f54606a22a6fd

        SHA256

        78aef289430794b84eda81de6869850309c772eb52a5c6ba4adce6ddaf14e50b

        SHA512

        b81ac970da3e810eb739f1b36638126814fbf6f1d5a6fc5035de80a30f40f1e728727592c4568bc82b598e66f02280d3a4c441762cc2ea2b6e958c2da4b7b354

        Download Submit

      • \??\c:\5c49539c-d6d6-45ba-8cc5-2e6331b1dbd5\loader.gif
        Filesize

        1KB

        MD5

        e88ebd85dd56110ac6ea93fe0922988e

        SHA1

        684a31d864d33ff736234c41ac4e8d2c7f90d5ae

        SHA256

        379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

        SHA512

        211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

        Download Submit

      • \??\c:\5c49539c-d6d6-45ba-8cc5-2e6331b1dbd5\start.hta
        Filesize

        1KB

        MD5

        db4ada697fa7a0e215281533d52578e9

        SHA1

        fb755ea8371edf5065dc53e21eb413603f9eba7f

        SHA256

        f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

        SHA512

        9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

        Download Submit