Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4ce2b845af...5f.exe

windows7-x64

7

4ce2b845af...5f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/04/2024, 21:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ce2b845af3bb367883aeebd12f577d1143a9d106402d50dd257ad5bcdc7405f.exe

  • Size

    396KB

  • MD5

    1f491b47bb66d0d59a8a84204907df6f

  • SHA1

    a2ee087f969a1753d5bd32a512be15f90471304b

  • SHA256

    4ce2b845af3bb367883aeebd12f577d1143a9d106402d50dd257ad5bcdc7405f

  • SHA512

    09a15262f9429667e0f8ce2b22af2f6146b2f973522649953c4d93d87f12780991b222d3d6ac2137b41710e227783d90ef623faa7ae6d4584e09503e8c5bb3e5

  • SSDEEP

    6144:4jlYKRF/LReWAsUyjzSWVADHX3ooPFVHO2LVAWWuZz3:4jauDReWhKDHX3ooPFA2LVAQ3

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ce2b845af3bb367883aeebd12f577d1143a9d106402d50dd257ad5bcdc7405f.exe
    "C:\Users\Admin\AppData\Local\Temp\4ce2b845af3bb367883aeebd12f577d1143a9d106402d50dd257ad5bcdc7405f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\ProgramData\lhprp.exe
      "C:\ProgramData\lhprp.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    396KB

    MD5

    678c17ab3685438f381e6afaf14aa36b

    SHA1

    905717e18369518582095dc8403a965df9c479e1

    SHA256

    89bdb85e8b1038c96893386a5e6d94f7eac4d675121324ce3e64b0c412ebca47

    SHA512

    9fcd0d5d82b305c90839b735dd6e32dbc048ba1f6cd2a1c183221ecf6693189efcab6f18d23756dbcb77d0169c814cdcc033a7d1475e5d8e76279603caaab697

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • C:\ProgramData\lhprp.exe
    Filesize

    259KB

    MD5

    b3e0e5440de04ebead041c7c67aae138

    SHA1

    ed32ff7037dabf9f9b34f98f42fe4da72d0b3a96

    SHA256

    aba1ac18d916aff657b3a543b4ca856cdfb92e524a87390b22d86afbeec4ce7d

    SHA512

    19c200c89d25e177a9d507596c69bae5ef8f4a7b1447ae8f813457f531cecc104a559acd4ee835f9977b83ab5f305c0ff3f17a96168b1617d9e54a2064c7abd4

    Download Submit

  • memory/1408-130-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/1968-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1968-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1968-8-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download