Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/05/2024, 20:08

General

  • Target

    3d8fe37f938e3fa58437db030743ecadb93ae42a7beaffd2c63e09b228e1d352.exe

  • Size

    2.3MB

  • MD5

    0b1f52c62537d2648b4376a9859a70a3

  • SHA1

    2531a15d2b66d35966fecab4be46c8cdff6a1abd

  • SHA256

    3d8fe37f938e3fa58437db030743ecadb93ae42a7beaffd2c63e09b228e1d352

  • SHA512

    87f9b6deb93f0f153c84b011e71b35a2493ac5631f7091aee669bbff6f302bbe0533accb34d30382817c81a507ec1b28608965d54a8d1594553ae956962c979f

  • SSDEEP

    49152:rril5TiaWG55+ovfGYqEAf8RlPMJlio68D:rrI5WaWG55+ovfGYqEAf8RlPlo68

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d8fe37f938e3fa58437db030743ecadb93ae42a7beaffd2c63e09b228e1d352.exe
    "C:\Users\Admin\AppData\Local\Temp\3d8fe37f938e3fa58437db030743ecadb93ae42a7beaffd2c63e09b228e1d352.exe"
    1⤵
    • Checks computer location settings
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5008
    • C:\Program Files (x86)\xjkSet_171122\3d8fe37f938e3fa58437db030743ecadb93ae42a7beaffd2c63e09b228e1d352.exe
      "C:\Program Files (x86)\xjkSet_171122\3d8fe37f938e3fa58437db030743ecadb93ae42a7beaffd2c63e09b228e1d352.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:4084

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\xjkSet_171122\3d8fe37f938e3fa58437db030743ecadb93ae42a7beaffd2c63e09b228e1d352.exe

    Filesize

    300KB

    MD5

    3c32b7b8b2083e7df06d257f9a42213f

    SHA1

    7d20544dbe9a440550319c19f7cafe72b4d85208

    SHA256

    bb136bb4dea5302f2b178587ca80f08ecbcc96a0fc6e08dd5d5c455c474113ab

    SHA512

    6251255f16869161f728a77920b1c2ae181433444bd07009f14eb624726a025495dd6e7db86373b7e4a24d281298dbccbe1dd3bb7634d81eabe0a9ccc46e9e95

  • C:\Program Files (x86)\xjkSet_171122\api2xxx_dll_M.dll

    Filesize

    1.8MB

    MD5

    ff1c75cd32367a44baba026c6e65d237

    SHA1

    a89c7f1a61a4d88fcd06d6a261534fbfd1d12020

    SHA256

    792f847ac258fdfa929a7bcce0c7d8e3653e6cbe8814b5fdb047235e798a9f35

    SHA512

    4d5866c40f9d69bcbea061f46790d7bc7fc3379cc8a2609bab7bdb88d75e0f8bfe7d908a2ce28e4de411c179fdfd84052bf043bdf0be311c95be92887f167a5a