Analysis

  • max time kernel
    2s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/01/2024, 18:45

General

  • Target

    4e5c8938ed644daec8e14035d1f13bbe.exe

  • Size

    1.4MB

  • MD5

    4e5c8938ed644daec8e14035d1f13bbe

  • SHA1

    1360d8c4f029755ddc0dae7396d13d049f745602

  • SHA256

    baf65a4cb3a3443c4dea37ddd9766557037a970b6c1f2376fe75e1e09997cd4c

  • SHA512

    9656ba361f94253971da6b6a0f708560d3f9b2cd8961d7323a3cd67e3d5f8f550791554cef5c4d0a7b8ef22ebfdf3a087b2cba1007c0ca329dd0a8712c1ab5bb

  • SSDEEP

    24576:zIA7opO13nWEjukQuzHVZ64lEq25RHxrFCKezViURT1jS7VQ+SB42Cf6:D7op+Weu+zHj64ENRhCHJh1jS7y+SBhT

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up geolocation information via web service

    Uses a legitimate geolocation service to find the infected system's geolocation info.

  • Kills process with taskkill 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 34 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e5c8938ed644daec8e14035d1f13bbe.exe
    "C:\Users\Admin\AppData\Local\Temp\4e5c8938ed644daec8e14035d1f13bbe.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3012
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im chrome.exe
      2⤵
        PID:2036
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im chrome.exe
      1⤵
      • Kills process with taskkill
      PID:1564

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      d028739b900276af331f7de12762d4b7

      SHA1

      62b70174063ff06ba66326c2b8c127bf285b8a8b

      SHA256

      2402271894dc1bbc91333c49dbf3229196c1612c5fb25b08f4c202b1cd2ea360

      SHA512

      022b4a0a66d0f05c872d326fa163c35cb10a0da4a1a9f733be3264921a5aa5c43d3b05463003d622036bd636d5ae20346ce5d0e4cfcc7a0f92fb3132e952d24c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      9be610b9361341521611224943580c09

      SHA1

      1455b65b668734adf5bff1e7fcad184e53f7bfab

      SHA256

      1d4cde5935b3ac0092256a5ee2f508527fed7e4e9df9318ecce3ae6f587b19fc

      SHA512

      59b7e65f981b62b50bbaf6d3c211c0ec6394fef06322afe82b2161ad56a177d768c9c37d725776bf9c9f885285025d89c5b9cd3a92fa02c177f3046a127311e8

    • C:\Users\Admin\AppData\Local\Temp\Cab24D1.tmp

      Filesize

      7KB

      MD5

      1722ffc8797303d6ed2a0f5a28346d7e

      SHA1

      ba4ba6187d741e375a533c83f80b592612688694

      SHA256

      6d47c05166ebf413169413bc5f8d85668f474cc48105d50733dec1667788af30

      SHA512

      c53651856477e2ce2669e6821a60c36950eb4de1afa6f5a3cce015487d23a86631ecbf8e2b04339ef5ed2472181defb44dffaf182079153e7e73f95f54c531e5