Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4685fcbbf9...51.exe

windows7-x64

7

4685fcbbf9...51.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/01/2024, 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4685fcbbf973a794d1085426c4d10451.exe

  • Size

    359KB

  • MD5

    4685fcbbf973a794d1085426c4d10451

  • SHA1

    f3a9a196f40ed1d8c624ac8583c7c498a9a2083f

  • SHA256

    20b10b69eff0fcba9ee4d6024298b1e0cf7278038adcb176cfb688f9e6bd1042

  • SHA512

    a1dfe782f5dc668269a89ec18cd469767813247a17e15a665102a26847ce6a7e87256b5db7214418291b3ae6cbd4f4ffc8ea9b30d2bd3170b0c4bdae930f8d36

  • SSDEEP

    6144:6BGq8hGSLhlMcLxvH2VRL0MQU30pyMi0bZ4B:KKHTMc1vH2VZ0MQUWg0e

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4685fcbbf973a794d1085426c4d10451.exe
    "C:\Users\Admin\AppData\Local\Temp\4685fcbbf973a794d1085426c4d10451.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:5060
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" c:\34427d12-bffc-4bf6-b4f2-b386be70c78a\start.hta
      2⤵
        PID:1896

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\34427d12-bffc-4bf6-b4f2-b386be70c78a\InstallerHelper.dll
      Filesize

      132KB

      MD5

      56991710aad386faa6a683b576841c4b

      SHA1

      1a09af821bf25a192a63c5d8be1be93546ec43ce

      SHA256

      071f1b44492b7a6f5d4d2da290ef5ae2f1045dd24ed48f5d718e6f1fea039653

      SHA512

      267256ee85cb4c6d14ee43eac45aec3b8941794ab4dd215b424f20bae8858a613a66ef947ca8c4dec1f8d18c86e02bec13044875f9437531427757cac4e2e543

      Download Submit

    • \??\c:\34427d12-bffc-4bf6-b4f2-b386be70c78a\loader.gif
      Filesize

      1KB

      MD5

      e88ebd85dd56110ac6ea93fe0922988e

      SHA1

      684a31d864d33ff736234c41ac4e8d2c7f90d5ae

      SHA256

      379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

      SHA512

      211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

      Download Submit

    • \??\c:\34427d12-bffc-4bf6-b4f2-b386be70c78a\start.hta
      Filesize

      1KB

      MD5

      db4ada697fa7a0e215281533d52578e9

      SHA1

      fb755ea8371edf5065dc53e21eb413603f9eba7f

      SHA256

      f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

      SHA512

      9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

      Download Submit