Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4ce2b845af...5f.exe

windows7-x64

7

4ce2b845af...5f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    28/04/2024, 21:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ce2b845af3bb367883aeebd12f577d1143a9d106402d50dd257ad5bcdc7405f.exe

  • Size

    396KB

  • MD5

    1f491b47bb66d0d59a8a84204907df6f

  • SHA1

    a2ee087f969a1753d5bd32a512be15f90471304b

  • SHA256

    4ce2b845af3bb367883aeebd12f577d1143a9d106402d50dd257ad5bcdc7405f

  • SHA512

    09a15262f9429667e0f8ce2b22af2f6146b2f973522649953c4d93d87f12780991b222d3d6ac2137b41710e227783d90ef623faa7ae6d4584e09503e8c5bb3e5

  • SSDEEP

    6144:4jlYKRF/LReWAsUyjzSWVADHX3ooPFVHO2LVAWWuZz3:4jauDReWhKDHX3ooPFA2LVAQ3

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ce2b845af3bb367883aeebd12f577d1143a9d106402d50dd257ad5bcdc7405f.exe
    "C:\Users\Admin\AppData\Local\Temp\4ce2b845af3bb367883aeebd12f577d1143a9d106402d50dd257ad5bcdc7405f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\ProgramData\ibmqc.exe
      "C:\ProgramData\ibmqc.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache .exe
    Filesize

    396KB

    MD5

    0cda6976aaf89ba665cfb19dfaf2c81f

    SHA1

    34ac037d6cf4720cd4724d19f74b70e2ef6dcc60

    SHA256

    900fb640e4a5d0995f16fe36df6622dced20bd55b49064d9993775e9a7e1a87d

    SHA512

    00a42545d51a091090f3a9eef3916a9a341b4896ccd984262084308ff4142240b05a6868da8305d623ae446b05a757e2f8c3b5a54017dd3fb7a339bd69ef1dd0

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\ibmqc.exe
    Filesize

    259KB

    MD5

    b3e0e5440de04ebead041c7c67aae138

    SHA1

    ed32ff7037dabf9f9b34f98f42fe4da72d0b3a96

    SHA256

    aba1ac18d916aff657b3a543b4ca856cdfb92e524a87390b22d86afbeec4ce7d

    SHA512

    19c200c89d25e177a9d507596c69bae5ef8f4a7b1447ae8f813457f531cecc104a559acd4ee835f9977b83ab5f305c0ff3f17a96168b1617d9e54a2064c7abd4

    Download Submit

  • memory/1992-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1992-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1992-12-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2320-135-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2320-923-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download