Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

5b0b733c5a...3a.exe

windows7-x64

10

5b0b733c5a...3a.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Efterbrnde...31.pot

windows7-x64

1

Efterbrnde...31.pot

windows10-2004-x64

1

Analysis

  • max time kernel
    45s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2024, 02:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b0b733c5af1d0a28a8a117ec03f46d16b3a4e3b1b45a5eae3d15e09dff92b3a.exe

  • Size

    784KB

  • MD5

    e49773c89d735bf9e427e4108dce8a0e

  • SHA1

    fbca00f3b541bc57ca9308a291184a1d38f59da0

  • SHA256

    5b0b733c5af1d0a28a8a117ec03f46d16b3a4e3b1b45a5eae3d15e09dff92b3a

  • SHA512

    4f24777d0156d3b09555a41e8bbebcb4b32c0686e2c856c2169e9a74be7e779f281b9ac00a02f2a91faf99c5dd26134e1b05bcf386ac08ad0b59786f496d3e24

  • SSDEEP

    12288:c1nnU0REibppIBGG7B0bnwHpXNdQFQu+0TFpg6sFbY/zbWgpil1II7MlBcNQlY:unfrb3IBGGl0bydNdQahUj62i7Xy+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b0b733c5af1d0a28a8a117ec03f46d16b3a4e3b1b45a5eae3d15e09dff92b3a.exe
    "C:\Users\Admin\AppData\Local\Temp\5b0b733c5af1d0a28a8a117ec03f46d16b3a4e3b1b45a5eae3d15e09dff92b3a.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:5412
    • C:\Users\Admin\AppData\Local\Temp\5b0b733c5af1d0a28a8a117ec03f46d16b3a4e3b1b45a5eae3d15e09dff92b3a.exe
      "C:\Users\Admin\AppData\Local\Temp\5b0b733c5af1d0a28a8a117ec03f46d16b3a4e3b1b45a5eae3d15e09dff92b3a.exe"
      2⤵
        PID:5160
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 1728
          3⤵
          • Program crash
          PID:1992
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3100 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:3016
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5160 -ip 5160
        1⤵
          PID:2420

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsp6946.tmp\System.dll
          Filesize

          12KB

          MD5

          acd12e950b2ced1b5690f682d2c15b25

          SHA1

          639a1d0aaf669896377074281186cb6372811fd6

          SHA256

          6a28f1529bd59bc04f0519e086d2946ec4f09f5e4e6f30d2afb3c3585001dccf

          SHA512

          131bd07208d2d8c18ee9da36ce95e3c4a8d8acbb55fa96fc5a0affbc1d6e6b0ca733e9dd70ef1d5a0e15f91d88dbe1fe2c0656ea80b5a51e536ac54ab53110b4

          Download Submit

        • memory/5160-35-0x0000000000400000-0x0000000001654000-memory.dmp

          Filesize

          18.3MB

          Download

        • memory/5160-37-0x0000000000400000-0x0000000001654000-memory.dmp

          Filesize

          18.3MB

          Download

        • memory/5160-42-0x0000000001660000-0x0000000004705000-memory.dmp

          Filesize

          48.6MB

          Download

        • memory/5160-41-0x00000000777A1000-0x00000000778C1000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/5160-16-0x0000000000400000-0x0000000001654000-memory.dmp

          Filesize

          18.3MB

          Download

        • memory/5160-17-0x0000000001660000-0x0000000004705000-memory.dmp

          Filesize

          48.6MB

          Download

        • memory/5160-18-0x0000000001660000-0x0000000004705000-memory.dmp

          Filesize

          48.6MB

          Download

        • memory/5160-19-0x0000000077828000-0x0000000077829000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5160-39-0x0000000000400000-0x0000000001654000-memory.dmp

          Filesize

          18.3MB

          Download

        • memory/5160-38-0x0000000034BA0000-0x0000000034EEA000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/5160-33-0x0000000000400000-0x0000000001654000-memory.dmp

          Filesize

          18.3MB

          Download

        • memory/5160-20-0x0000000077845000-0x0000000077846000-memory.dmp

          Filesize

          4KB

          Download

        • memory/5160-36-0x0000000000400000-0x0000000001654000-memory.dmp

          Filesize

          18.3MB

          Download

        • memory/5412-12-0x0000000004A90000-0x0000000007B35000-memory.dmp

          Filesize

          48.6MB

          Download

        • memory/5412-34-0x0000000004A90000-0x0000000007B35000-memory.dmp

          Filesize

          48.6MB

          Download

        • memory/5412-13-0x0000000004A90000-0x0000000007B35000-memory.dmp

          Filesize

          48.6MB

          Download

        • memory/5412-15-0x00000000743F0000-0x00000000743F7000-memory.dmp

          Filesize

          28KB

          Download

        • memory/5412-14-0x00000000777A1000-0x00000000778C1000-memory.dmp

          Filesize

          1.1MB

          Download