Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

79a4c04639...1).exe

windows7-x64

5

79a4c04639...1).exe

windows10-2004-x64

5

Analysis

  • max time kernel
    50s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2024, 13:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79a4c04639a0a9983467370b38de262641da79ccd51a0cdcd53aba20158f1b3a (1).exe

  • Size

    1.5MB

  • MD5

    9b8ecdecbe7ac4bbf4568817f6f1fc39

  • SHA1

    d41567a74542711ccca62d5435046be6f3110d4c

  • SHA256

    79a4c04639a0a9983467370b38de262641da79ccd51a0cdcd53aba20158f1b3a

  • SHA512

    828d8c3fe9e246d2905d06a0b1a8bd6fa259fe2412511a82eb40e2ebc20b91033c0049a830dc74bb4cfc60ecd5030ce9df540daa24f1c63af554490c8cae5ab2

  • SSDEEP

    24576:tkvbQk+DgkJntzJ6ftUpd3V073hRzo8zqXUyInFXJGiwo:tkvbQ7TJnzaUpxVExhoBQsif

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79a4c04639a0a9983467370b38de262641da79ccd51a0cdcd53aba20158f1b3a (1).exe
    "C:\Users\Admin\AppData\Local\Temp\79a4c04639a0a9983467370b38de262641da79ccd51a0cdcd53aba20158f1b3a (1).exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c netsh wlan export profile folder="C:\Windows\System32\wifies\\" key=clear && cls
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2248
      • C:\Windows\system32\netsh.exe
        netsh wlan export profile folder="C:\Windows\System32\wifies\\" key=clear
        3⤵
          PID:1676
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c dir /s /b /a-d C:\Windows\System32\wifies\
        2⤵
          PID:3532
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c pause
          2⤵
            PID:1540
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5056 --field-trial-handle=2536,i,8161505972217706694,705854963991409854,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:2408

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\System32\temp.tmp
            Filesize

            998B

            MD5

            8dfe1f090b1b6729785a556692ba25d4

            SHA1

            fac3c82a8bd28f4801884be1e960604fc8aa61a9

            SHA256

            df8b3b521f0c01bb4366254f43c94ac0c31481f0501d55bd08d113f237a949a4

            SHA512

            51621cd57d4659bb1424b224c41a08529c32de98d75bc50077aa520051134df0aa6d8d46f55287cf01d741bb32f76897ef6b96854d414cbd24f8b28f6928d5cc

            Download Submit

          • C:\Windows\System32\temp.tmp.bmp
            Filesize

            3.5MB

            MD5

            919460d6a13997a49054d156fa677c19

            SHA1

            85675a29230d615b829b52810205c1fe87becd0c

            SHA256

            ffda1d4286a8a3b587e3eb15356ab849ccb03dd89fb7daaa911bab8e3f6f3afa

            SHA512

            c2d7faa06c8df98706bfa46a9d49d2cb3e5f49362b176af73fe161a85ce99471f87a1acf3d0373972cf0cd8d48ea012b6bccd8fc93ec90fefe6968f6a8ce11b5

            Download Submit

          • memory/4768-59-0x00007FF732020000-0x00007FF7321AF000-memory.dmp

            Filesize

            1.6MB

            Download