Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

ltweather.exe

windows7-x64

7

ltweather.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 15:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ltweather.exe

  • Size

    680KB

  • MD5

    c073c45b81996ac24eaa12339e81dc81

  • SHA1

    a81dd3aae0f95e07a44fc37434afa8400eca9dc8

  • SHA256

    e1d3dd3ea2f2fb40e2f8375591ffe5c7aa8214aa3ce7ddb5957f38983de09d77

  • SHA512

    e72d16ebf8788ed6642d2db494749e09e35cdc0c46691065894fb095d4357f0e3476fa4ffd4dbc130f35e8f18744840b21e12c396bba1e884954baeee6d39073

  • SSDEEP

    12288:wNSUNCmuSbVSL1OfCEN91c1sQP3i9cxVUDt5BFm1hByyx7rW9+DIom:wNSI1QL1OFs1/PzkPBFm1hBycaom

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ltweather.exe
    "C:\Users\Admin\AppData\Local\Temp\ltweather.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:1444
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2172

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\GLC28C1.tmp
      Filesize

      161KB

      MD5

      315f8d68ff1a414806e7344ac8dd8b6d

      SHA1

      8fe6719bdf12244e8ef154e36c77ec487dbafeff

      SHA256

      90b9dfcb65f6e6cd0123f44cbf8310659f4c7ca4488a57d3045f72d55a9771e9

      SHA512

      95a5efdaf8f620f85838be6eb59768a421059595c1e07dd6680aac3bfd371075f1c9528cb2dceefb333c72ed6821a6e592ca7d16e2923f39212a0e1ffdba296a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GLK2AF4.tmp
      Filesize

      33KB

      MD5

      a6601202dda81c941e14dd79878ca61d

      SHA1

      a436aa8bd1d6b501d30f01c4587fb32d513038f4

      SHA256

      7906a8f868986edda9f7c4df0d93ed862959b81344a475f452b9e31c1aece464

      SHA512

      c27d32541f21e0a5aa45939855d4cddfec04ec466a1231d419b29cf07157751bf778ef851868181a0392fbe6ddcabf372b7a2d35519b5b3a2bda21ff7192a5b4

      Download Submit