Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

8e5567895b...57.exe

windows7-x64

7

8e5567895b...57.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2024, 05:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e5567895b53abf71a5009dae20bf557.exe

  • Size

    2.3MB

  • MD5

    8e5567895b53abf71a5009dae20bf557

  • SHA1

    2ea8acc94e7a87cac5b4e659bc0496aeccd7996c

  • SHA256

    54d212d4940739b01dd37e760c19ad1a85ffac2872d5d872c7cf859f1ebd4833

  • SHA512

    8cdd84bac1122fdb0d76c2c7aa1071eae0860e1e673827ec20ae7345e42b58d8906c894ef38f58100c835cbec766ac928193b466968fd28f61bd5a0309ed7a8c

  • SSDEEP

    49152:2W6H27a3ndBxYwHJJcFWScFZ2iNY6h9BEzQ+NTVSjdictQLW0S4:mIa3nVYwpJcsCim6/eNKjdFtQg4

Score
7/10
evasion

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e5567895b53abf71a5009dae20bf557.exe
    "C:\Users\Admin\AppData\Local\Temp\8e5567895b53abf71a5009dae20bf557.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4776
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe"
      2⤵
      • Executes dropped EXE
      • Identifies Wine through registry keys
      PID:4248

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\rinst.exe
    Filesize

    464KB

    MD5

    32edb4fa6786a707cd69d2fea6a6fb91

    SHA1

    b134051b77125d3031442bb9b3df224fbd19de91

    SHA256

    809627e01f548178c6df8e989cecd2707035c5207f2f1a8d9de22619f53367a2

    SHA512

    18b5e100cfd7ad825b1439af1c2542bfd5e672acf39019c956496b9beccc7abc02cc4c2d4588f5fa9ee7d2e55953dbb3541636ce5ea23c1b89ecc8b2c67eee90

    Download Submit

  • memory/4248-22-0x0000000000400000-0x0000000000514000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4248-26-0x0000000000400000-0x0000000000514000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4776-0-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4776-23-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download