Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

54ecc5a864...af.exe

windows7-x64

7

54ecc5a864...af.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    54ecc5a86401b76141949f5cd11d96af.exe

  • Size

    78KB

  • MD5

    54ecc5a86401b76141949f5cd11d96af

  • SHA1

    16df221f62193e7c5156b31ccc1dab36a0828607

  • SHA256

    43e44ad194b4e54571ec96ac66728541353fca0a89407796d950880c4d89a415

  • SHA512

    5a2047ececb7048631e408e4124b1b1b7aaf357b3abbf70092a357509ca8ff7460aab9175090a5d4603ced27917d5dd2bdaa0e68f3032d521163f4b613e6f7a8

  • SSDEEP

    1536:tR8jgVoGs8pQjci3Qi6mDfq+TKsySfizW7KsdN36M/w6YZ8:MjasFgi3pySay7KS/w58

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54ecc5a86401b76141949f5cd11d96af.exe
    "C:\Users\Admin\AppData\Local\Temp\54ecc5a86401b76141949f5cd11d96af.exe"
    1⤵
    • Checks computer location settings
    • Enumerates system info in registry
    • Suspicious use of WriteProcessMemory
    PID:3320
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Bbj..bat" > nul 2> nul
      2⤵
        PID:4176

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Bbj..bat
      Filesize

      210B

      MD5

      d5f1d2f5b5bb624e54eca6a32f248e09

      SHA1

      83569abc57b5e615a7b519f0c90d82766eaa2e11

      SHA256

      b9705d29e69dda621cae7a6f0d29b06fb52b922aad3e1e76ba9adfc6e77d1c8c

      SHA512

      2172536ebc16c805edc9e62be56d7171014260a212487576bfe175d805d3a09bbfbb16a863bc8bee75426640855781776390ccf4f3d093d72fff9cac7fa2d365

      Download Submit

    • memory/3320-0-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/3320-2-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/3320-1-0x00000000021E0000-0x00000000021E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3320-3-0x0000000002240000-0x0000000002241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3320-4-0x0000000002240000-0x0000000002241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3320-6-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download