Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

37e0bb3390...5a.exe

windows7-x64

7

37e0bb3390...5a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 13:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37e0bb339045ce6b39152acb391fbb5a.exe

  • Size

    79KB

  • MD5

    37e0bb339045ce6b39152acb391fbb5a

  • SHA1

    e810c0e557be3d9c4e8c72d499bca9af6182dc11

  • SHA256

    8259ae1cc965aaf8545853248063d227fa62eb87d38616ca96a9275bb22971a1

  • SHA512

    08855ca08a1da7ea6283bc3df0e4cebedbc241461131154ff5d7b71b81e6a52e8e7a4e6916a456342f09136930f6b8b5a65153c4e4956ea7d8c46f7d78b8cc51

  • SSDEEP

    1536:RLNIP9SaZTbFARlq7jC1OZstZu0TS3lEdUJrkb00wJjZS:RL+ZTZX3BAtTS3lEdUJrkb0nlS

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37e0bb339045ce6b39152acb391fbb5a.exe
    "C:\Users\Admin\AppData\Local\Temp\37e0bb339045ce6b39152acb391fbb5a.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:5044
    • C:\ProgramData\Graphics\guifx.exe
      "C:\ProgramData\Graphics\guifx.exe" /run
      2⤵
      • Executes dropped EXE
      PID:2688
    • C:\windows\SysWOW64\cmd.exe
      "C:\windows\system32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\37e0bb339045ce6b39152acb391fbb5a.exe" >> NUL
      2⤵
        PID:8

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Graphics\guifx.exe
      Filesize

      79KB

      MD5

      2350ee1ad6545c38a2821bb21dddbccb

      SHA1

      8859369083f05b06c97cdd7eb271289cfc56ba60

      SHA256

      e75d527281e2c207daebd37ad4a1289cd9387736df59fb74c66d979fa3278336

      SHA512

      0b6c630678ddda79a26d2e34ae78924157e28b85d7676f52adb3c430f2bb6ee8285671d9e28e25c2dff6648e22178c6018860eeec8a7678550281c08fe0d2aec

      Download Submit