Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

46a76f8bfa...b4.exe

windows7-x64

7

46a76f8bfa...b4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/06/2024, 21:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46a76f8bfa51b0ee62046101027edf4ed86879ec9a7be517b36512efafa2dab4.exe

  • Size

    66KB

  • MD5

    c61b7b59693171e302a2a0b8d2195e80

  • SHA1

    f034f9d0ff46134c34c60783aae5c6e3c2db2e74

  • SHA256

    46a76f8bfa51b0ee62046101027edf4ed86879ec9a7be517b36512efafa2dab4

  • SHA512

    33373765884d6bb14738f140007da7ed985ba16b9d2819ab748c08b28e985c690c08324d88b3872e42241bff1ffb44c270a03ff10eb540bb2839ea59b05c1679

  • SSDEEP

    768:SPu+XVY9/eJZZw+tB9Vuo7uw1NmeuZjbv6M0MceOeX8M:SPuMVY0Zw+LKeuNbCMceXv

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46a76f8bfa51b0ee62046101027edf4ed86879ec9a7be517b36512efafa2dab4.exe
    "C:\Users\Admin\AppData\Local\Temp\46a76f8bfa51b0ee62046101027edf4ed86879ec9a7be517b36512efafa2dab4.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Users\Admin\AppData\Local\Temp\kyyjs.exe
      "C:\Users\Admin\AppData\Local\Temp\kyyjs.exe"
      2⤵
      • Executes dropped EXE
      PID:4272

Network

    No results found
  • 52.111.229.43:443
    322 B
     7
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\kyyjs.exe
    Filesize

    66KB

    MD5

    e863c8368b6b57ba299d2943b0b6aa0b

    SHA1

    e2f3228bfabda0d383ac224b483f76cb3494adc9

    SHA256

    326a7f3f384ab62da13c1ce69c42a06c7f13c92094c47888d0e95405194318ae

    SHA512

    891a6d1cbbfc4e2a40a913d3e8037fab6fc6e5fbe7c6fdd83fdd87fe6378a366602e58d463f73e17da919ab0ea72bd8d17757b3ea47efc28b979ac6da1d195f3

    Download Submit

  • memory/3040-0-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3040-1-0x0000000000401000-0x0000000000403000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3040-13-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/4272-14-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.