Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

5b648b9054...5a.exe

windows7-x64

7

5b648b9054...5a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b648b9054475b8496b7fe3e3d562f5a.exe

  • Size

    142KB

  • MD5

    5b648b9054475b8496b7fe3e3d562f5a

  • SHA1

    ce7321839540299a9c894bf1338ab6592aff9c4e

  • SHA256

    6da1bb18d50b9365e9b290dc2be93ec280a7b76a121023e4e453f400a3235ffe

  • SHA512

    8e14785c90ffc6c8837865f317852e04117ed5fb45c15c6e61bfd2c98a35d8f189c6f0fcb88bbaf13ba73417ac38e6142269f61dfa39bbb3c53a7842766bfcdf

  • SSDEEP

    3072:inOn7t7XpdpCCTg/sxFgJaeqgKJ+BCpC0BOAIiBMwLi70QNe+rH8R70AxpSQ8:iKpdcCrTdgK4nlidu4YVHo7mQ8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b648b9054475b8496b7fe3e3d562f5a.exe
    "C:\Users\Admin\AppData\Local\Temp\5b648b9054475b8496b7fe3e3d562f5a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Users\Admin\AppData\Local\Temp\nsv4901.tmp\downloadmr.exe
      C:\Users\Admin\AppData\Local\Temp\nsv4901.tmp\downloadmr.exe /u4e8de351-1254-4bc4-803a-1e235bc06f2f /e2365298
      2⤵
      • Executes dropped EXE
      PID:840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsv4901.tmp\System.dll
    Filesize

    1KB

    MD5

    8143e59c2b92661b705733d2ac1abe10

    SHA1

    d9ac6750f186ad7025ce4e03082fc6b3116a3294

    SHA256

    298d293a33588c53853c11884f93bf103d0716cdb7fcfbb4f1efaaa8b9aeb5b3

    SHA512

    1eb9f318db0e5b409d61a8eb7a80016ac912bb7639b04b5ece8d10bedcf3881e52d27ee47769e37ba332e82bad3c826b633067557133b8fa7bce7dd4c436ad77

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsv4901.tmp\downloadmr.exe
    Filesize

    23KB

    MD5

    30e635e76552612fdf529dd3208cb02d

    SHA1

    c36099c86f0b7781db2dcc672ad606143405f1d5

    SHA256

    fbc9d31b12a133d04e80b378c839e627c31c89a83fb815204e8086cad9ef1992

    SHA512

    78762f4d5a9335e36ffccaca5472ecf10755996a44aec7f5d195c8f1027a24ee6a67d3d363ff0b74b7a66984a9890df7c0af8ed25987516d04a38058a0c0d962

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsv4901.tmp\downloadmr.exe
    Filesize

    9KB

    MD5

    da6da9c34888f7c6fa2b1cc46b4423f9

    SHA1

    c28dbca6af6e4f0e05997eb932b021c282582730

    SHA256

    602e2f046ce276dc479032a3dfdbd0bd267be8a00effbd73c8e72ec3f1ef7aa6

    SHA512

    9e6a2767ea0bc3ac916a20066aa6bb8b05acd0d90dde0adaff1ccaa5305c9777b561c74c3a637958346616d11fd01ca099a7252c58a29f7566bd9063251c55ca

    Download Submit

  • memory/840-13-0x0000000074230000-0x00000000747E1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/840-15-0x0000000074230000-0x00000000747E1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/840-14-0x00000000011B0000-0x00000000011C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/840-17-0x00000000011B0000-0x00000000011C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/840-16-0x00000000011B0000-0x00000000011C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/840-18-0x00000000011B0000-0x00000000011C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/840-20-0x0000000074230000-0x00000000747E1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1688-24-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download