Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

230c39b779...da.exe

windows7-x64

7

230c39b779...da.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 19:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    230c39b779801610fab30a82f81e08f8f7abe197feee6bb180690fd7bcece7da.exe

  • Size

    85KB

  • MD5

    99c54049f8dedb1d7d7376c6790c972d

  • SHA1

    728dd3992296125e1793f393b6e9792f41b312c3

  • SHA256

    230c39b779801610fab30a82f81e08f8f7abe197feee6bb180690fd7bcece7da

  • SHA512

    cae136275b2d931f3432c56ee2c02630ce5ab9bb7178e9bc4c0bd45ee33013a9d8f104a6321e77b1b941bea66e83e813033bd5104362e2613c93cf3d853dc3d3

  • SSDEEP

    1536:/Ao0zj2d6rnJYulBJnJBSX1nV1b1N1Il1k1YFI1x1J1MuEqx517Q/1T1Jzct01NV:/AoAliulHnJBSX1nV1b1N1Il1k1YFI1q

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\230c39b779801610fab30a82f81e08f8f7abe197feee6bb180690fd7bcece7da.exe
    "C:\Users\Admin\AppData\Local\Temp\230c39b779801610fab30a82f81e08f8f7abe197feee6bb180690fd7bcece7da.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:3544
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:5028

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\microsofthelp.exe
      Filesize

      85KB

      MD5

      8d28a9272d135b20782ca49d6ef37dcb

      SHA1

      070f5c7dd4fefe1549594169c3f45e83c6a5cb45

      SHA256

      9b109a9db7e34ba126246502760819fce4743ee010733b42c8fa5b51d6960a9e

      SHA512

      c786e4d38c8dfd7506406144986b67bacd257bb97ff13413577e0a8a688e37e0a12a5c8807379ad930ae90efec4fc5eb4dc1f9d1adf66052bad723a6635b9b9d

      Download Submit

    • memory/2212-0-0x0000000000400000-0x000000000040D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/2212-4-0x0000000000400000-0x000000000040D000-memory.dmp

      Filesize

      52KB

      Download