Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

710605a130...2b.exe

windows7-x64

7

710605a130...2b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    81s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/01/2024, 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    710605a130a5d1e19e12e8ba091d1a2b.exe

  • Size

    489KB

  • MD5

    710605a130a5d1e19e12e8ba091d1a2b

  • SHA1

    f77df77f0037981e37d7def1db128a6d86f0493d

  • SHA256

    f019596f88bf76713b21eb5d71d10c0298dfcb59b94ea65409ea1404fb6657d0

  • SHA512

    719c7d0fbf5d53932f90f5abb495beedaa8cff43fc873af1bdb7b58e6720db061403655c07382e8082d3f1187a49bc717ee5d825eeb512171911c3bb5e69ed9d

  • SSDEEP

    12288:56TPW1Fm3lj0emIe1wcwqkcIJm7czh2N8nUlZPWU+Dz:cD4FEQemIwwcwq3IJ9N2ynQ1Qz

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\710605a130a5d1e19e12e8ba091d1a2b.exe
    "C:\Users\Admin\AppData\Local\Temp\710605a130a5d1e19e12e8ba091d1a2b.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Windows\SysWOW64\ossproxy.exe
      "C:\Windows\System32\ossproxy.exe" -install -o:256 -start -uninst:RelevantKnowledge -c:108
      2⤵
      • Executes dropped EXE
      PID:2316
    • C:\Users\Admin\AppData\Local\Temp\counter.exe
      "C:\Users\Admin\AppData\Local\Temp\counter.exe" "&ast-comscore"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GLCF7BE.tmp
    Filesize

    161KB

    MD5

    263e81631fb67194dc968dc3f4bdb4e7

    SHA1

    2998697c503a542d5cf1e25a0d0df18fcd38d66c

    SHA256

    9200949ab6f777df957fc524d4733e2cb47b89a209c07d2be57b4c63cecbf766

    SHA512

    2eb6fd28ba87f193a35f1c4bd4c6ff29495a3c10fea8bfa0506df97fcae5ca16f2617703137ecb32cf6b7dbd3048507dd4d0c7418845cfdce5c43896aec45dbb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\GLKF965.tmp
    Filesize

    33KB

    MD5

    517419cae37f6c78c80f9b7d0fbb8661

    SHA1

    a9e419f3d9ef589522556e0920c84fe37a548873

    SHA256

    bfe7e013cfb85e78b994d3ad34eca08286494a835cb85f1d7bced3df6fe93a11

    SHA512

    5046565443cf463b6fa4d2d5868879efc6a9db969bf05e3c80725b99bd091ce062cfe66c5551eb1cc5f00a38f2cfcda1f36fb4d60d9ff816c4ec3107b5a0df40

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\GLMEC2.tmp
    Filesize

    12KB

    MD5

    a8108d3e40849b61fddfacf36e520395

    SHA1

    a03b5ae5bc22e3ce89a7205c7aea8c3339cf8dcd

    SHA256

    84c6507fe457d6a882f643908423a3e42ee1170218d18c53366ae6fbd627ff36

    SHA512

    50b4ede09a34860571fac72f2bdf0877f26f4ce276ebade5c3406fa5ede2dd6b5dd3fae4b74acae022e161d6a59142d0976064f993593ccac5988e1926816062

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\counter.exe
    Filesize

    124KB

    MD5

    66daeb2cb7168803f57dc5a1cc55410b

    SHA1

    3fe6e0af8bac1c0dcdaf90459756332927d94eda

    SHA256

    fa4b812deadb71f86ba1ae513a4f841c39cece3a3df1b3c3bc74a5ac07ecfaac

    SHA512

    ba9dc4eb4abe522d6c4ab6d03c0f110094e4b4148730a63dce7be049d6a09f26d8a6353083f5f4c388a33c3971961b5e2fa326146580047d8648f693578acb91

    Download Submit

  • C:\Windows\SysWOW64\ossproxy.exe
    Filesize

    436KB

    MD5

    2b0553988ade900ff234234461b67426

    SHA1

    55534d027348d602beac43b73204d2e86f2be058

    SHA256

    075c0d8846eff7bf11b6f7b8dcaa423b36a6530be5e042e73c7c46e2e9105f39

    SHA512

    d2abc14fc676c60f07eb804cc92fb363b15c4f18e2ac2de972b3bd4a029137977c03b897f51c4ed8d43b185d386612b48682b2d155a401f671482893f8d4de6f

    Download Submit