Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0b428ee31a...88.exe

windows7-x64

3

0b428ee31a...88.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 18:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b428ee31ae85fed58dc06824671823e7e413027cfe8888eb620459d92b16088.exe

  • Size

    26KB

  • MD5

    55695b062d3b7ba38faa0c4e2fbf80d5

  • SHA1

    b568062209dfd46aab41870f2a2b27c65becdc9e

  • SHA256

    0b428ee31ae85fed58dc06824671823e7e413027cfe8888eb620459d92b16088

  • SHA512

    097a5839d2f430823c01603185c5be9755bab28c460e6b4ec701f5ebd56d9f86d41f4734680a5547f67cb287da639436ea13ee84d903a02ede6a5727ce306d72

  • SSDEEP

    384:B5FZdgAkTiM79mgL2RCvVhRF19c4BCal0/U8hRF1hxKSO:d3M7Yu2RYpF19L+/F15O

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 3 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b428ee31ae85fed58dc06824671823e7e413027cfe8888eb620459d92b16088.exe
    "C:\Users\Admin\AppData\Local\Temp\0b428ee31ae85fed58dc06824671823e7e413027cfe8888eb620459d92b16088.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2608
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4575.tmp\batchfile.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4248
      • C:\Windows\SysWOW64\chcp.com
        chcp 65001
        3⤵
          PID:776
        • C:\Windows\SysWOW64\mode.com
          mode 80,15
          3⤵
            PID:224
          • C:\Windows\SysWOW64\timeout.exe
            timeout 3
            3⤵
            • Delays execution with timeout.exe
            PID:3912
          • C:\Windows\SysWOW64\timeout.exe
            timeout 2
            3⤵
            • Delays execution with timeout.exe
            PID:2312
          • C:\Windows\SysWOW64\timeout.exe
            timeout 2
            3⤵
            • Delays execution with timeout.exe
            PID:4892
          • C:\Windows\SysWOW64\mode.com
            mode 130,30
            3⤵
              PID:3504

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\4575.tmp\batchfile.bat
          Filesize

          17KB

          MD5

          40da5049abcab02a747c57d1ed8cf512

          SHA1

          74b6d7cd149bdf61abebb512aa89252bde8cd0bd

          SHA256

          45c6138928d29ed3e234bde22bf7d5288254c94df958a19fa57ed49a68ba1562

          SHA512

          f5bf93f08b76e670637c3de2820bdfa334c475f8a072c4ffafaac332383f750216dbff589d3377cdb9afe009f0db7ecb25fd923497da089dc26c5e96c28c4a9a

          Download Submit

        • memory/2608-0-0x0000000000400000-0x0000000000405000-memory.dmp

          Filesize

          20KB

          Download

        • memory/2608-5-0x0000000000400000-0x0000000000405000-memory.dmp

          Filesize

          20KB

          Download